Moderate severityNVD Advisory· Published Aug 26, 2015· Updated May 6, 2026

CVE-2015-3221

Description

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
neutronPyPI	< 2014.2.4	2014.2.4
neutronPyPI	>= 2015.1.0, < 2015.1.1	2015.1.1

Affected products

OpenStack/Neutron
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
Range: >=2014.2,<2014.2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.openstack.org/pipermail/openstack-announce/2015-June/000377.htmlnvdVendor AdvisoryWEB
rhn.redhat.com/errata/RHSA-2015-1680.htmlnvdVendor AdvisoryWEB
www.securityfocus.com/bid/75368nvdThird Party AdvisoryVDB Entry
bugs.launchpad.net/neutron/+bug/1461054nvdThird Party AdvisoryWEB
github.com/advisories/GHSA-wf44-4mgj-rwvxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-3221ghsaADVISORY
access.redhat.com/errata/RHSA-2015:1680ghsaWEB
access.redhat.com/security/cve/CVE-2015-3221ghsaWEB
bugzilla.redhat.com/show_bug.cgighsaWEB
git.openstack.org/cgit/openstack/neutron/commit/ghsaWEB
opendev.org/openstack/neutronghsaPACKAGE
web.archive.org/web/20200228084753/http://www.securityfocus.com/bid/75368ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000