CVE-2016-0738

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

References

Affected packages

Git / github.com/openstack/swift

Affected ranges

Type

GIT

Repo

https://github.com/openstack/swift

Events

Introduced

Last affected

f8dee761bd36f857aa1288c27e095907032fad68

Introduced

Last affected

51819f1179db246b3d2b9c6fd660e0f81a383db5

Introduced

Last affected

47eb6a37f86f29c355297b556c2ff898c98da9b2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.0-1

1.0.1

1.0.2

1.1.0

1.10.0

1.10.0.rc1

1.11.0

1.12.0

1.13.0

1.13.1

1.13.1.rc1

1.13.1.rc2

1.2.0

1.3.0

1.3gamma1

1.3rc1

1.4.0

1.4.1

1.4.2

1.4.5

1.4.6

1.8.0.rc1

1.9.2

2.*

2.0.0

2.0.0.rc1

2.0.0.rc2

2.1.0

2.1.0.rc1

2.2.0

2.2.0.rc1

2.2.1

2.2.1.rc1

2.2.1c1

2.2.2

2.2.2rc1

2.3.0

2.3.0rc1

2.3.0rc2

upstream-1.*

upstream-1.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0738.json"