CVE-2016-0738

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

References

Affected packages

Git / github.com/openstack/swift

Affected ranges

Type

GIT

Repo

https://github.com/openstack/swift

Events

Introduced

Last affected

f8dee761bd36f857aa1288c27e095907032fad68

Introduced

Last affected

51819f1179db246b3d2b9c6fd660e0f81a383db5

Introduced

Last affected

47eb6a37f86f29c355297b556c2ff898c98da9b2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.0-1

1.0.1

1.0.2

1.1.0

1.10.0

1.10.0.rc1

1.11.0

1.12.0

1.13.0

1.13.1

1.13.1.rc1

1.13.1.rc2

1.2.0

1.3.0

1.3gamma1

1.3rc1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.5.0

1.6.0

1.7.0

1.7.2

1.7.4

1.7.5

1.7.6

1.8.0

1.8.0.rc1

1.8.0.rc2

1.9.0

1.9.1

1.9.2

2.*

2.0.0

2.0.0.rc1

2.0.0.rc2

2.1.0

2.1.0.rc1

2.2.0

2.2.0.rc1

2.2.1

2.2.1.rc1

2.2.1c1

2.2.2

2.2.2rc1

2.3.0

2.3.0rc1

2.3.0rc2

Other

diablo-eol

erasure_code_dev_history

essex-eol

folsom-eol

grizzly-eol

havana-eol

icehouse-eol

juno-eol

storage-policy-historical

upstream-1.*

upstream-1.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0738.json"