CVE-2019-10876

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10876
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10876.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10876
Aliases
Related
Published
2019-04-05T05:29:03Z
Modified
2024-09-18T01:00:21Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

References

Affected packages

Debian:11 / neutron

Package

Name
neutron
Purl
pkg:deb/debian/neutron?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.2-15

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / neutron

Package

Name
neutron
Purl
pkg:deb/debian/neutron?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.2-15

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / neutron

Package

Name
neutron
Purl
pkg:deb/debian/neutron?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.2-15

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/neutron

Affected ranges

Type
GIT
Repo
https://github.com/openstack/neutron
Events
Introduced
5212c9c563e9470ce9e6abd76bdef22fa652a9b3
Fixed
7ba0d8fb49ad2f86683172ed6fc06fdb44b473a6