VYPR
Moderate severityNVD Advisory· Published Jul 25, 2023· Updated Nov 20, 2025

Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)

CVE-2023-3637

Description

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
neutronPyPI
<= 22.0.2

Affected products

7
  • Red Hat/Openstackcpe-rescue5 versions
    cpe:/a:redhat:openstack:16.1+ 4 more
    • cpe:/a:redhat:openstack:16.1
    • cpe:/a:redhat:openstack:16.2::el8range: 1:15.3.5-2.20230216175503.el8ost
    • cpe:/a:redhat:openstack:17.0
    • cpe:/a:redhat:openstack:17.1
    • cpe:/a:redhat:openstack:18.0
  • Red Hat/Red Hat OpenStack Platform 13 (Queens) Operational Toolsv5
    cpe:/a:redhat:openstack-optools:13
  • ghsa-coords
    Range: <= 22.0.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.