High severity8.2NVD Advisory· Published Jun 17, 2016· Updated Jun 17, 2026
CVE-2016-5363
CVE-2016-5363
Description
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
neutronPyPI | < 7.1.0 | 7.1.0 |
neutronPyPI | >= 8.0.0, < 8.1.0 | 8.1.0 |
Affected products
32cpe:2.3:a:openstack:neutron:7.0.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:openstack:neutron:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:8.1.0:*:*:*:*:*:*:*
- ghsa-coords25 versionspkg:pypi/neutronpkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/python-networking-cisco&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/python-openstackclient&distro=SUSE%20OpenStack%20Cloud%206
< 7.1.0+ 24 more
- (no CPE)range: < 7.1.0
- (no CPE)range: < 5.0.4~a0~dev6-6.1
- (no CPE)range: < 5.0.4~a0~dev6-6.2
- (no CPE)range: < 7.0.3~a0~dev2-7.1
- (no CPE)range: < 7.0.3~a0~dev2-7.1
- (no CPE)range: < 8.0.2~a0~dev34-8.1
- (no CPE)range: < 11.0.2~a0~dev13-7.1
- (no CPE)range: < 11.0.2~a0~dev13-7.1
- (no CPE)range: < 5.0.2~a0~dev93-9.1
- (no CPE)range: < 5.0.2~a0~dev93-9.3
- (no CPE)range: < 8.1.1~a0~dev13-3.1
- (no CPE)range: < 8.1.1~a0~dev13-3.2
- (no CPE)range: < 1.0.2~a0~dev11-9.1
- (no CPE)range: < 1.0.2~a0~dev11-9.2
- (no CPE)range: < 7.1.2~a0~dev29-10.1
- (no CPE)range: < 7.1.2~a0~dev29-10.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 7.1.2~a0~dev1-6.1
- (no CPE)range: < 12.0.5~a0~dev2-7.1
- (no CPE)range: < 12.0.5~a0~dev2-7.1
- (no CPE)range: < 1.0+git.1467079370.4f2c49d-7.1
- (no CPE)range: < 2.1.1-6.1
- (no CPE)range: < 1.7.2-4.1
Patches
Vulnerability mechanics
References
18- github.com/advisories/GHSA-9pp3-cvmq-9p22ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-5363ghsaADVISORY
- security.openstack.org/ossa/OSSA-2016-009.htmlnvdVendor AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/06/10/5nvdWEB
- www.openwall.com/lists/oss-security/2016/06/10/6nvdWEB
- access.redhat.com/errata/RHSA-2016:1473nvdWEB
- access.redhat.com/errata/RHSA-2016:1474nvdWEB
- bugs.launchpad.net/neutron/+bug/1558658nvdWEB
- github.com/openstack/neutron/commit/5853af9cba6733725d6c9ac0db644f426713f0cfghsaWEB
- github.com/openstack/neutron/commit/6a93ee8ac1a901c255e3475a24f1afc11d8bf80fghsaWEB
- github.com/openstack/neutron/commit/997d7b03fb7f5528f0a3ce70867b9dcd9321509eghsaWEB
- github.com/openstack/neutron/commit/fd5fd259a02156babdfcb12f66cde6ec9e7274aeghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgnvd
- review.openstack.orgnvd
- review.openstack.orgnvd
News mentions
0No linked articles in our index yet.