As fixes have merged to all of Neutron's maintained stable branches, we can (and probably should) issue an advisory for this defect. I propose we use the following impact description to request a CVE assignment from MITRE, but please let me know if this isn't entirely accurate so I can correct it:
Title: Routes middleware memory leak for nonexistent controllers
Reporter: Slawek Kaplonski (Red Hat)
Products: Neutron
Affects: <16.4.1, >=17.0.0 <17.2.1, >=18.0.0 <18.1.1
Description:
Slawek Kaplonski with Red Hat reported a vulnerability in Neutron's routes middleware. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. All Neutron deployments are affected.