CVE-2016-0738: OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service

CVSS Score (v3.0): 7.5

Basic Information

EPSS Score: 0.90063%
CWE: -
Published: 5/17/2022
Updated: 2/13/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| swift | pip | < 2.3.1 | 2.3.1 |
| swift | pip | >= 2.4.0, < 2.5.1 | 2.5.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability root cause was identified in the SegmentedIterable class handling large object transfers. Multiple sources (bug reports, commit diffs, and OSSA advisory) show the fix involved adding explicit closure of app_iter generators in SegmentedIterable.close() to resolve cyclic references. This matches the CVE description of connection resource leaks during interrupted requests to large objects.
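The leak pattern described above, as an added example that is not Swift's code: a simplified model in which the iterable and its generator reference each other, so an interrupted download keeps the backend connection open until the cycle is collected, unless close() closes the generator explicitly. `FakeBackendConn`, `ToySegmentedIterable` and `open_conns_after_disconnect` are hypothetical names, and the garbage collector is paused only to make the effect deterministic.

```python
import gc

class FakeBackendConn:
    """Constructed stand-in for one proxy-to-object-server connection."""
    open_count = 0

    def __init__(self):
        FakeBackendConn.open_count += 1
        self.closed = False

    def read_chunks(self):
        for _ in range(1000):
            yield b"data"

    def close(self):
        if not self.closed:
            self.closed = True
            FakeBackendConn.open_count -= 1

class ToySegmentedIterable:
    """Toy model only: streams several segments through one generator."""
    def __init__(self, segments, explicit_close):
        self.segments = segments
        self.explicit_close = explicit_close
        # The generator frame holds `self` and `self` holds the generator:
        # a reference cycle that reference counting alone never frees.
        self.app_iter = self._internal_iter()

    def _internal_iter(self):
        for _ in range(self.segments):
            conn = FakeBackendConn()
            try:
                yield from conn.read_chunks()
            finally:
                conn.close()  # runs only when the generator ends or is closed

    def close(self):
        if self.explicit_close:
            # The kind of fix the analysis describes: closing the generator
            # raises GeneratorExit at the yield, so `finally` runs now.
            self.app_iter.close()

def open_conns_after_disconnect(explicit_close):
    """Connections still open after a client reads one chunk and leaves."""
    gc.collect()
    gc.disable()  # model the window before the cycle collector runs
    try:
        it = ToySegmentedIterable(3, explicit_close)
        next(it.app_iter)  # first chunk sent, then the client disconnects
        it.close()         # the WSGI server calls close() on the response
        del it
        return FakeBackendConn.open_count
    finally:
        gc.enable()
        gc.collect()       # the cycle collector eventually frees the leak
```

Counting open backend connections against in-flight client requests on the proxy is one way to observe the same condition on a running service.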
