Unrated severityNVD Advisory· Published Nov 24, 2014· Updated May 6, 2026

CVE-2014-7821

Description

A crafted dns_nameservers value in OpenStack Neutron lets authenticated users crash the service, causing denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted dns_nameservers value in OpenStack Neutron lets authenticated users crash the service, causing denial of service.

Vulnerability

A denial of service vulnerability exists in OpenStack Neutron before versions 2014.1.4 and 2014.2.1. The bug is triggered by a specially crafted dns_nameservers value in the DNS configuration, which causes the Neutron service to crash when processed by the affected code path. [1][2][3]

Exploitation

An attacker must have valid authentication to the Neutron API. No additional privileges or network position are required; the attacker sends a request with a malformed dns_nameservers parameter, which the service fails to handle safely. The crash occurs immediately upon processing the crafted value. [2][3]

Impact

Successful exploitation causes a denial of service (DoS) by crashing the Neutron service, disrupting network connectivity management for virtual machines. There is no indication of information disclosure or code execution; impact is limited to availability. [2][3][4]

Mitigation

Updates have been released to fix this issue. Versions 2014.1.4 and 2014.2.1 contain the fix. Red Hat issued advisories RHSA-2014:1942, RHSA-2014:1938 (for Red Hat Enterprise Linux OpenStack Platform 5.0), and RHSA-2015:0044 (for Red Hat Enterprise Linux OpenStack Platform 4.0). Users should upgrade to the patched packages. [1][2][3]

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

OpenStack/Neutron2 versions
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*range: >=2012.2.1,<2014.1.4
- (no CPE)range: <2014.1.4, >=2014.2.0 <2014.2.1
Red Hat/Openstack
cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
Fedoraproject/Fedora
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.openstack.org/pipermail/openstack-announce/2014-November/000303.htmlnvdPatchVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1938.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1942.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-0044.htmlnvdThird Party Advisory
secunia.com/advisories/62586nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
bugs.launchpad.net/neutron/+bug/1378450nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/98818nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000