Add OSSA-2021-006 (CVE-2021-40797)
Change-Id: Ie61b5ffbec78e8c90e5ad773c9479f0d7ae1b932 Closes-Bug: #1942179
This commit is contained in:
parent
55e0ee4953
commit
4f5d81b664
|
@ -0,0 +1,59 @@
|
||||||
|
date: 2021-09-09
|
||||||
|
|
||||||
|
id: OSSA-2021-006
|
||||||
|
|
||||||
|
title: Routes middleware memory leak for nonexistent controllers
|
||||||
|
|
||||||
|
description: >
|
||||||
|
Slawek Kaplonski with Red Hat reported a vulnerability in Neutron's routes
|
||||||
|
middleware. By making API requests involving nonexistent controllers, an
|
||||||
|
authenticated user may cause the API worker to consume increasing amounts of
|
||||||
|
memory, resulting in API performance degradation or denial of service. All
|
||||||
|
Neutron deployments are affected.
|
||||||
|
|
||||||
|
affected-products:
|
||||||
|
- product: Neutron
|
||||||
|
version: '<16.4.1, >=17.0.0 <17.2.1, >=18.0.0 <18.1.1'
|
||||||
|
|
||||||
|
vulnerabilities:
|
||||||
|
- cve-id: CVE-2021-40797
|
||||||
|
|
||||||
|
reporters:
|
||||||
|
- name: Slawek Kaplonski
|
||||||
|
affiliation: Red Hat
|
||||||
|
reported:
|
||||||
|
- CVE-2021-40797
|
||||||
|
|
||||||
|
issues:
|
||||||
|
links:
|
||||||
|
- https://launchpad.net/bugs/1942179
|
||||||
|
|
||||||
|
reviews:
|
||||||
|
xena:
|
||||||
|
- https://review.opendev.org/807335
|
||||||
|
|
||||||
|
wallaby:
|
||||||
|
- https://review.opendev.org/807632
|
||||||
|
|
||||||
|
victoria:
|
||||||
|
- https://review.opendev.org/807633
|
||||||
|
|
||||||
|
ussuri:
|
||||||
|
- https://review.opendev.org/807634
|
||||||
|
|
||||||
|
train:
|
||||||
|
- https://review.opendev.org/807635
|
||||||
|
|
||||||
|
stein:
|
||||||
|
- https://review.opendev.org/807636
|
||||||
|
|
||||||
|
rocky:
|
||||||
|
- https://review.opendev.org/807637
|
||||||
|
|
||||||
|
queens:
|
||||||
|
- https://review.opendev.org/807638
|
||||||
|
|
||||||
|
notes:
|
||||||
|
- The stable/train, stable/stein, stable/rocky, and stable/queens branches
|
||||||
|
are under extended maintenance and will receive no new point releases, but
|
||||||
|
patches for them are provided as a courtesy.
|
Loading…
Reference in New Issue