CVE 2016-0737
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
Related bugs and status
CVE-2016-0737 (Candidate) is related to these bugs:
Bug #1466549: [OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1466549 | [OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737) | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
1466549 | [OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737) | OpenStack Security Advisory | Undecided | Fix Released |
Bug #1493303: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)
Bug #1542145: [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1542145 | [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | Mirantis OpenStack | High | Fix Released | ||
1542145 | [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | Mirantis OpenStack 5.1.x | High | Invalid | ||
1542145 | [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | Mirantis OpenStack 7.0.x | High | Fix Released | ||
1542145 | [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | Mirantis OpenStack 6.1.x | High | Invalid | ||
1542145 | [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | Mirantis OpenStack 8.0.x | High | Fix Released | ||
1542145 | [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | Mirantis OpenStack 6.0.x | High | Invalid | ||
1542145 | [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | Mirantis OpenStack 9.x | High | Fix Released |
See the
CVE page on Mitre.org
for more details.