Comment 2 for bug 1816727

I agree, from the description, this seems to fall into that grey area between exploitable denial of service vulnerability and security hardening opportunity. If this turns out to be an obviously incorrect implementation in openstack/nova for which an effective fix can be safely backported to affected stable branches, and assuming it's not already at least as easy for an unauthenticated user to have a similar impact by sending other sorts of traffic to that socket, then I can see making the case for issuing an advisory. That said, I would also support not continuing this in private under embargo, if you and the Nova security reviewers feel the report isn't of an overly-sensitive nature.