OpenStack · OpenStack Swift · CVE-2026-49017
**Name of the Vulnerable Software and Affected Versions**
OpenStack Swift versions 2.36.0 through 2.36.1
OpenStack Swift versions 2.37.0 through 2.37.1
**Description**
The s3api middleware contains a flaw where the `StreamingInput` class enters an infinite loop when processing a truncated aws-chunked PUT request body. This occurs because the system repeatedly appends an empty buffer and re-reads the input, causing the proxy-server worker to become permanently unresponsive while consuming increasing amounts of CPU and memory. An authenticated attacker can exploit this to exhaust all proxy-server workers, leading to a denial of service.
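The failure mode described above comes down to a read loop that does not treat an empty read as end of input. The following is an added example, not Swift's own code, of a reader for a simplified aws-chunked body that stops on truncation. All names (`read_exact`, `read_line`, `decode_aws_chunked`, `classify`, `TruncatedBody`) and the sample bodies are hypothetical, and chunk signatures and trailers are assumed out of scope.

```python
import io

class TruncatedBody(Exception):
    """The stream ended before the chunk framing said it should."""

def read_exact(stream, n):
    """Read exactly n bytes, treating an empty read() as end of input."""
    buf = bytearray()
    while len(buf) < n:
        piece = stream.read(n - len(buf))
        if not piece:
            # EOF. A loop that appends b"" here and reads again never ends.
            raise TruncatedBody(f"wanted {n} bytes, got {len(buf)}")
        buf += piece
    return bytes(buf)

def read_line(stream, limit=4096):
    """Read one CRLF-terminated header line, with a bound on its length."""
    line = bytearray()
    while not line.endswith(b"\r\n"):
        if len(line) >= limit:
            raise ValueError("chunk header too long")
        line += read_exact(stream, 1)
    return bytes(line[:-2])

def decode_aws_chunked(stream):
    """Return the payload of a simplified aws-chunked body.

    Assumption: chunk signatures and trailers are not handled here.
    """
    payload = bytearray()
    while True:
        size = int(read_line(stream).split(b";", 1)[0].decode("ascii"), 16)
        if size < 0:
            raise ValueError("negative chunk size")
        if size == 0:
            read_exact(stream, 2)  # CRLF that closes the final chunk
            return bytes(payload)
        payload += read_exact(stream, size)
        if read_exact(stream, 2) != b"\r\n":
            raise ValueError("missing CRLF after chunk data")

# Constructed sample: one 5-byte chunk, then the terminating zero-size chunk.
COMPLETE = b"5;chunk-signature=aa\r\nhello\r\n0;chunk-signature=bb\r\n\r\n"
TRUNCATED = COMPLETE[:24]  # constructed: input ends two bytes into the chunk data

def classify(body):
    """Decode body; report truncation instead of blocking on it."""
    try:
        return decode_aws_chunked(io.BytesIO(body))
    except TruncatedBody:
        return "truncated"
```

Every read path goes through `read_exact`, so a body cut off at any point (header, data or trailing CRLF) ends the request with an error rather than holding the worker.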
**Recommendations**
Update versions 2.36.0 through 2.36.1 to 2.36.2.
Update versions 2.37.0 through 2.37.1 to 2.37.2.