CVE-2015-3221 – neutron

Package

Manager: pip
Name: neutron
Vulnerable Version: >=0 <2014.2.4 || >=2015.1.0 <2015.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.1067 pctl0.93024

Details

OpenStack Neutron Improper Input Validation vulnerability OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Metadata

Created: 2022-05-14T02:19:50Z
Modified: 2023-02-08T18:00:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wf44-4mgj-rwvx/GHSA-wf44-4mgj-rwvx.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-wf44-4mgj-rwvx
Finding: F184
Auto approve: 1