Main Vulnerability Database Vulnerabilities #VU16341

#VU16341 Improper input validation in openstack-neutron - CVE-2018-14635

Published: December 7, 2018 / Updated: December 10, 2018

Vulnerability identifier: #VU16341

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-14635

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
openstack-neutron

Software vendor:
Openstack

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists due to improper IP address validation by the affected software when the Linux bridge ml2 driver is used.. A remote attacker can add a router interface to a network's subnet that includes an IP address outside the subnet's allocation pool and cause a DoS condition if the added IP address is already assigned to another system.

Remediation

The vulnerability has been fixed in the version 13.0.0.0b2, 12.0.3, 11.0.5.

External links

https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d

#VU16341 Improper input validation in openstack-neutron - CVE-2018-14635

Description

Remediation

External links

Please verify you're human