Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-40797

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Related bugs and status

CVE-2021-40797 (Candidate) is related to these bugs:

Bug #1942179: [OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)

Summary				In	Importance	Status
	1942179	[OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)		neutron	Critical	Fix Released
	1942179	[OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)		OpenStack Security Advisory	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://security.opens...
MISC: https://launchpad.net/...
MLIST: [oss-security] 2021090...