CVE-2014-8153

EUVD-2014-7994
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
litechrouter_advertisement_daemon
2.0
openstackneutron
2014.2
openstackneutron
2014.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neutron
bookworm
2:21.0.0-7
fixed
bullseye
2:17.2.1-0+deb11u1
fixed
bullseye (security)
2:17.2.1-0+deb11u1
fixed
sid
2:25.0.0-1
fixed
trixie
2:25.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neutron
lucid
dne
precise
dne
trusty
dne
utopic
ignored
Common Weakness Enumeration
References
http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html
http://www.securityfocus.com/bid/71961
https://bugs.launchpad.net/neutron/+bug/1398779
https://bugs.launchpad.net/neutron/+bug/1399172
https://bugzilla.redhat.com/show_bug.cgi?id=1169408
http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html
http://www.securityfocus.com/bid/71961
https://bugs.launchpad.net/neutron/+bug/1398779
https://bugs.launchpad.net/neutron/+bug/1399172
https://bugzilla.redhat.com/show_bug.cgi?id=1169408