CVE-2023-3637

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
redhatCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
redhatopenstack_platform
13.0
redhatopenstack_platform
16.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neutron
bullseye (security)
2:17.2.1-0+deb11u1
fixed
bullseye
2:17.2.1-0+deb11u1
fixed
bookworm
2:21.0.0-7
fixed
trixie
2:25.0.0-3
fixed
sid
2:25.0.0-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neutron
oracular
deferred
noble
deferred
mantic
ignored
lunar
ignored
jammy
deferred
focal
deferred
bionic
deferred
xenial
deferred
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:4283
https://access.redhat.com/security/cve/CVE-2023-3637
https://bugzilla.redhat.com/show_bug.cgi?id=2222270
https://access.redhat.com/errata/RHSA-2023:4283
https://access.redhat.com/security/cve/CVE-2023-3637
https://bugzilla.redhat.com/show_bug.cgi?id=2222270