CVE-2015-3221 — OpenStack Neutron Improper Input Validation vulnerability

Description

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

How to fix CVE-2015-3221

To remediate CVE-2015-3221, upgrade the affected package to a fixed version below.

Debian/neutron—upgrade to 2015.1.0+2015.06.24.git61.bdf194a0e1-1 or later
PyPI/neutron—upgrade to 2014.2.4 or later

Is CVE-2015-3221 being exploited?

Moderate — EPSS is 14.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 2015.1.0+2015.06.24.git61.bdf194a0e1-1
from 0, < 2014.2.4

References (11)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-3221
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-3221
PATCHopendev.org/openstack/neutron
WEBlists.openstack.org/pipermail/openstack-announce/2015-June/000377.html
WEB