CVE-2021-40797

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-40797
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40797.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-40797
Aliases
Downstream
Related
Published
2021-09-08T20:15:11.060Z
Modified
2026-04-12T02:00:19.798099Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

References

Affected packages

Git / github.com/openstack/neutron

Affected ranges

Type
GIT
Repo
https://github.com/openstack/neutron
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6a761dc42da99625bb18b4aabf4e2b340396c78c
Introduced
f7282d909ed3f5834748995b00b70413f1b43495
Fixed
d961731a73128125ebf03fae52b4b34f3e7abf27
Introduced
5858f6c5023121ea645c832ab87f078f0249adeb
Fixed
c5e86f4f8f7e36233f383323e24e72dbe28efc04
Database specific 
{
    "cpe": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.4.1"
        },
        {
            "introduced": "17.0.0"
        },
        {
            "fixed": "17.2.1"
        },
        {
            "introduced": "18.0.0"
        },
        {
            "fixed": "18.1.1"
        }
    ]
}

Affected versions

10.*
10.0.0.0b1
10.0.0.0b2
10.0.0.0b3
10.0.0.0rc1
11.*
11.0.0.0b1
11.0.0.0b2
11.0.0.0b3
11.0.0.0rc1
12.*
12.0.0.0b1
12.0.0.0b2
12.0.0.0b3
12.0.0.0rc1
13.*
13.0.0.0b1
13.0.0.0b2
13.0.0.0b3
13.0.0.0rc1
14.*
14.0.0
14.0.0.0b1
14.0.0.0b2
14.0.0.0b3
14.0.0.0rc1
15.*
15.0.0.0b1
15.0.0.0rc1
16.*
16.0.0
16.0.0.0b1
16.0.0.0rc1
16.0.0.0rc2
16.1.0
16.2.0
16.3.0
16.3.1
16.3.2
16.4.0
17.*
17.0.0
17.0.0.0rc2
17.1.0
17.1.1
17.1.2
17.2.0
18.*
18.0.0
18.0.0.0rc2
18.1.0
2013.*
2013.1.g3
2013.2.b2
2013.2.rc1
2014.*
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
7.*
7.0.0.0b1
7.0.0.0b2
7.0.0.0b3
7.0.0a0
8.*
8.0.0.0b1
8.0.0.0b2
8.0.0.0b3
8.0.0.0rc1
9.*
9.0.0.0b1
9.0.0.0b2
9.0.0.0b3
9.0.0.0rc1
Other
essex-1
essex-3
folsom-1
folsom-3
grizzly-1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40797.json"