Improper input validation in Openstack Neutron
CVE-2014-7821
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.022 (84.7th percentile) — read the EPSS interpretation.
Affected products
- Openstack Neutron
- Fedoraproject Fedora — versions 20
- Redhat Openstack — versions 4.0
- N/a — versions n/a
Weakness classification (CWE)
References
- RHSA-2014:1938 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- neutron-cve20147821-dos(98818) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- RHSA-2015:0044 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- FEDORA-2015-5997 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- [openstack-announce] 20141119 [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821) (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
- RHSA-2014:1942 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 62586 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)