CVE-2014-3555: OpenStack Neutron allows remote authenticated users to cause a denial of service
CVSS Score: 4
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.76271%
CWE: -
Published: 5/17/2022
Updated: 4/14/2023
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
neutron | pip | < 2013.2.4 | 2013.2.4 |
neutron | pip | >= 2014.1.0, < 2014.1.2 | 2014.1.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing quota checks when processing allowed address pairs. The patches add validation in _validate_allowed_address_pairs and its callers. These functions would appear in profilers when handling malicious API requests creating numerous address pairs. The database mixin function is included as it's the entry point that would show up in stack traces during mass rule creation attempts.
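The missing check described above, modelled as an added example; this is not Neutron's code or the patch itself. The limit of 10, the function and exception names, and the sample request bodies are assumptions constructed for illustration.

```python
"""Added illustration: bounding the allowed address pairs accepted per port."""
import ipaddress

# Assumed per-port cap for this example; not a value taken from the advisory.
MAX_ALLOWED_ADDRESS_PAIRS = 10


class AddressPairLimitExceeded(ValueError):
    """Hypothetical error raised when a port request carries too many pairs."""


def validate_unbounded(pairs):
    """Simplified model of the flaw: entries are checked, the list length is not."""
    for pair in pairs:
        ipaddress.ip_network(pair["ip_address"], strict=False)
    return len(pairs)


def validate_bounded(pairs, limit=MAX_ALLOWED_ADDRESS_PAIRS):
    """Hardened form: reject oversized lists before doing any per-entry work."""
    if len(pairs) > limit:
        raise AddressPairLimitExceeded(
            f"{len(pairs)} allowed address pairs requested, limit is {limit}")
    seen = set()
    for pair in pairs:
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        key = (pair.get("mac_address", "").lower(), net)
        if key in seen:
            raise ValueError(f"duplicate allowed address pair: {pair}")
        seen.add(key)
    return len(pairs)


# Constructed request bodies, shaped like a port's allowed address pair list.
NORMAL_REQUEST = [{"ip_address": "10.0.0.5", "mac_address": "fa:16:3e:00:00:01"}]
OVERSIZED_REQUEST = [{"ip_address": f"10.1.{i // 256}.{i % 256}"}
                     for i in range(5000)]

if __name__ == "__main__":
    print("unbounded validator accepted:", validate_unbounded(OVERSIZED_REQUEST))
    print("bounded validator accepted:", validate_bounded(NORMAL_REQUEST))
    try:
        validate_bounded(OVERSIZED_REQUEST)
    except AddressPairLimitExceeded as exc:
        print("bounded validator rejected:", exc)
```

Checking the length first keeps the cost of a rejected request constant, so an oversized list is refused before any parsing or downstream rule generation happens.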