CVE-2023-3637

Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)

Description

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2023:4283	vendor advisory
https://access.redhat.com/security/cve/CVE-2023-3637	vdb entry vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2222270	vendor advisory issue tracking

Frequently Asked Questions

What is the severity of CVE-2023-3637?: CVE-2023-3637 has been scored as a medium severity vulnerability.
How to fix CVE-2023-3637?: To fix CVE-2023-3637, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-3637 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-3637 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3637?: CVE-2023-3637 affects Red Hat Red Hat OpenStack Platform 16.2, Red Hat Red Hat OpenStack Platform 13 (Queens) Operational Tools, Red Hat Red Hat OpenStack Platform 16.1, Red Hat Red Hat OpenStack Platform 17.0, Red Hat Red Hat OpenStack Platform 17.1, Red Hat Red Hat OpenStack Platform 18.0.

Description

Category

CWE-400 – Uncontrolled Resource Consumption

References

Frequently Asked Questions