OSSA-2014-025: Denial of Service in Neutron allowed address pair

OSSA-2014-025: Denial of Service in Neutron allowed address pair¶

Date:: July 17, 2014
CVE:: CVE-2014-3555

Affects¶

Neutron: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Description¶

Liping Mao from Cisco reported a denial of service vulnerability in Neutron’s handling of allowed address pair. By creating a large number of allowed address pairs, an authenticated user may overwhelm neutron firewall rules and render compute nodes unusable. All Neutron setups are affected.

Patches¶

https://review.openstack.org/#/c/107731 (Havana)
https://review.openstack.org/#/c/107733 (Icehouse)
https://review.openstack.org/#/c/107734 (Juno)

Credits¶

Liping Mao from Cisco (CVE-2014-3555)

References¶

this page last updated: 2025-08-14 17:43:06

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.