VYPR
Medium severity6.5NVD Advisory· Published Sep 10, 2018· Updated Jun 17, 2026

CVE-2018-14635

CVE-2018-14635

Description

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
neutronPyPI
>= 13.0.0.0b1, < 13.0.0.0b213.0.0.0b2
neutronPyPI
< 11.0.611.0.6
neutronPyPI
>= 12.0.0, < 12.0.412.0.4

Affected products

2
  • ghsa-coords
    Range: >= 13.0.0.0b1, < 13.0.0.0b2
  • The Openstack Project/openstack-neutronv5
    Range: 13.0.0.0b2, 12.0.3, 11.0.5

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.