os-vif@1.15.1 vulnerabilities
A library for plugging and unplugging virtual interfaces in OpenStack.
-
latest version
4.0.0
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
4 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the os-vif package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
os-vif is an A library for plugging and unplugging virtual interfaces in OpenStack. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to a hard-coded MAC aging time of 0, which disables MAC learning in Linuxbridge, forcing obligatory Ethernet flooding of non-local destinations. This not only impedes network performance but also allows users to potentially view the content of packets for instances belonging to other tenants sharing the same network. This issue occurs in Note Only deployments using the linuxbridge backend are affected. How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[1.15.0,1.15.2)
[1.16.0,1.17.0)
|