Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1odm00LW1jN20tMjJ3NM4AAppM

OpenStack Neutron vulnerable to hardware address impersonation

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

Permalink: https://github.com/advisories/GHSA-hvm4-mc7m-22w4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1odm00LW1jN20tMjJ3NM4AAppM
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 2 months ago


CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Identifiers: GHSA-hvm4-mc7m-22w4, CVE-2021-38598
References: Repository: https://github.com/openstack/neutron
Blast Radius: 19.4

Affected Packages

pypi:neutron
Dependent packages: 24
Dependent repositories: 134
Downloads: 24,480 last month
Affected Version Ranges: = 18.0.0; >= 17.0.0, < 17.1.3; < 16.4.1
Fixed in: 17.1.3, 16.4.1
All affected versions: 10.0.5, 10.0.6, 10.0.7, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.1.0, 12.1.1, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.1.0, 14.2.0, 14.3.0, 14.3.1, 14.4.0, 14.4.1, 14.4.2, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.2.0, 15.3.0, 15.3.1, 15.3.2, 15.3.3, 15.3.4, 16.0.0, 16.1.0, 16.2.0, 16.3.0, 16.3.1, 16.3.2, 16.4.0, 17.0.0, 17.1.0, 17.1.1, 17.1.2, 18.0.0
All unaffected versions: 16.4.1, 16.4.2, 17.2.0, 17.2.1, 17.3.0, 17.4.0, 17.4.1, 18.1.0, 18.1.1, 18.2.0, 18.3.0, 18.4.0, 18.5.0, 18.6.0, 19.0.0, 19.1.0, 19.2.0, 19.3.0, 19.4.0, 19.5.0, 19.6.0, 19.7.0, 20.0.0, 20.1.0, 20.2.0, 20.3.0, 20.3.1, 20.4.0, 20.5.0, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 22.0.0, 22.0.1, 22.0.2, 22.1.0, 23.0.0, 23.1.0, 24.0.0