CVE-2021-40797
OpenStack Neutron Denial of Service vulnerability
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.69%
Description
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
How to fix CVE-2021-40797
To remediate CVE-2021-40797, upgrade the affected package to a fixed version below.
- upgrade to 2:17.2.1-0+deb11u1 or later
- upgrade to 16.4.1 or later
- upgrade to 16.4.1 or later
Is CVE-2021-40797 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2:17.2.1-0+deb11u1
- from 0, < 16.4.1
- from 0, < 16.4.1; >= 17.0.0, < 17.2.1; >= 18.0.0, < 18.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |