{"id":"PYSEC-2019-190","details":"An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)","aliases":["CVE-2019-9735","GHSA-9773-3fqg-8w25"],"modified":"2024-04-10T19:11:26.152121Z","published":"2019-03-13T02:29:00Z","references":[{"type":"WEB","url":"https://launchpad.net/bugs/1818385"},{"type":"WEB","url":"http://www.securityfocus.com/bid/107390"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4409"},{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2019-001.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Mar/24"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/03/18/2"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0935"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0916"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0879"},{"type":"WEB","url":"https://usn.ubuntu.com/4036-1/"}],"affected":[{"package":{"name":"neutron","ecosystem":"PyPI","purl":"pkg:pypi/neutron"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12.0.0"},{"fixed":"12.0.6"},{"introduced":"13.0.0"},{"fixed":"13.0.3"},{"introduced":"11.0.0"},{"fixed":"11.0.7"},{"introduced":"0"},{"fixed":"10.0.8"}]}],"versions":["0.0","10.0.5","10.0.6","10.0.7","11.0.3","11.0.4","11.0.5","11.0.6","12.0.0","12.0.1","12.0.2","12.0.3","12.0.4","12.0.5","13.0.0","13.0.1","13.0.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/neutron/PYSEC-2019-190.yaml"}}],"schema_version":"1.7.3"}