VYPR
High severityNVD Advisory· Published May 28, 2021· Updated Aug 3, 2024

CVE-2021-20267

CVE-2021-20267

Description

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
neutronPyPI
>= 16.0.0, < 16.3.116.3.1
neutronPyPI
< 15.3.315.3.3
neutronPyPI
>= 17.0.0, < 17.1.117.1.1

Affected products

2
  • OpenStack project/openstack-neutrondescription
  • ghsa-coords
    Range: >= 16.0.0, < 16.3.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.