OpenStack Neutron Improper Input Validation vulnerability

Description

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Browse source ↗
Published (advisory)
2022-05-14 02:19:50 UTC
Updated
2023-02-08 18:00:32 UTC
GitHub reviewed
2023-02-08 18:00:32 UTC
NVD published
2015-08-26

EPSS Score

Score Percentile
12.60% 93.79%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-20 Improper Input Validation

Affected packages (2)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip neutron < 2014.2.4 2014.2.4
pip neutron >= 2015.1.0, < 2015.1.1 2015.1.1

References

cvelogic Threat Intelligence