{"id":"CVE-2021-40085","details":"An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.","aliases":["GHSA-fh73-gjvg-349c","PYSEC-2021-361"],"modified":"2026-04-10T04:37:43.321415Z","published":"2021-08-31T18:15:08.837Z","related":["SUSE-SU-2022:1729-1","SUSE-SU-2022:1884-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4983"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html"},{"type":"REPORT","url":"https://launchpad.net/bugs/1939733"},{"type":"FIX","url":"https://security.openstack.org/ossa/OSSA-2021-005.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2021/08/31/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/neutron","events":[{"introduced":"0"},{"fixed":"6a761dc42da99625bb18b4aabf4e2b340396c78c"},{"introduced":"f7282d909ed3f5834748995b00b70413f1b43495"},{"fixed":"d961731a73128125ebf03fae52b4b34f3e7abf27"},{"introduced":"5858f6c5023121ea645c832ab87f078f0249adeb"},{"fixed":"c5e86f4f8f7e36233f383323e24e72dbe28efc04"},{"introduced":"0"},{"last_affected":"71f2d2bc90aaf9ee696cd4e4f29879ba6c5703b5"},{"introduced":"0"},{"last_affected":"9886bdaf1f1654cd88961615c3cdb89e6d05e82e"},{"introduced":"0"},{"last_affected":"5212c9c563e9470ce9e6abd76bdef22fa652a9b3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"16.4.1"},{"introduced":"17.0.0"},{"fixed":"17.2.1"},{"introduced":"18.0.0"},{"fixed":"18.1.1"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"0"},{"last_affected":"11.0"}]}}],"versions":["10.0.0","10.0.0.0b1","10.0.0.0b2","10.0.0.0b3","10.0.0.0rc1","10.0.0.0rc2","11.0.0","11.0.0.0b1","11.0.0.0b2","11.0.0.0b3","11.0.0.0rc1","11.0.0.0rc2","11.0.0.0rc3","12.0.0.0b1","12.0.0.0b2","12.0.0.0b3","12.0.0.0rc1","13.0.0.0b1","13.0.0.0b2","13.0.0.0b3","13.0.0.0rc1","14.0.0","14.0.0.0b1","14.0.0.0b2","14.0.0.0b3","14.0.0.0rc1","15.0.0.0b1","15.0.0.0rc1","16.0.0","16.0.0.0b1","16.0.0.0rc1","16.0.0.0rc2","16.1.0","16.2.0","16.3.0","16.3.1","16.3.2","16.4.0","17.0.0","17.0.0.0rc2","17.1.0","17.1.1","17.1.2","17.2.0","18.0.0","18.0.0.0rc2","18.1.0","2013.1.g3","2013.2.b2","2013.2.rc1","2014.1.b1","2014.1.b2","2014.1.b3","2014.1.rc1","2014.2.b1","2014.2.b2","2014.2.b3","2014.2.rc1","2015.1.0b1","2015.1.0b2","2015.1.0b3","2015.1.0rc1","7.0.0.0b1","7.0.0.0b2","7.0.0.0b3","7.0.0a0","8.0.0.0b1","8.0.0.0b2","8.0.0.0b3","8.0.0.0rc1","9.0.0","9.0.0.0b1","9.0.0.0b2","9.0.0.0b3","9.0.0.0rc1","9.0.0.0rc2","9.0.0.0rc3","essex-1","essex-3","folsom-1","folsom-3","grizzly-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40085.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}