Openstack · Openstack Neutron · CVE-2014-3555
**Name of the Vulnerable Software and Affected Versions**
OpenStack Neutron versions before 2013.2.4
OpenStack Neutron versions 2014.x before 2014.1.2
OpenStack Neutron Juno before Juno-2
**Description**
The issue allows remote authenticated users to cause a denial of service by creating a large number of allowed address pairs, potentially leading to a crash or long firewall rule updates.
**Recommendations**
For OpenStack Neutron versions before 2013.2.4, update to version 2013.2.4 or later.
For OpenStack Neutron versions 2014.x before 2014.1.2, update to version 2014.1.2 or later.
For OpenStack Neutron Juno before Juno-2, update to Juno-2 or later.