{"id":"CVE-2016-5363","details":"The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.","aliases":["GHSA-9pp3-cvmq-9p22"],"modified":"2026-03-20T11:11:29.073690Z","published":"2016-06-17T15:59:04.320Z","related":["SUSE-SU-2016:2143-1"],"references":[{"type":"WEB","url":"https://review.openstack.org/#/c/299021/"},{"type":"WEB","url":"https://review.openstack.org/#/c/299023/"},{"type":"WEB","url":"https://bugs.launchpad.net/neutron/+bug/1558658"},{"type":"WEB","url":"https://review.openstack.org/#/c/299025/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/06/10/5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/06/10/6"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1473"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1474"},{"type":"ADVISORY","url":"https://security.openstack.org/ossa/OSSA-2016-009.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/neutron","events":[{"introduced":"0"},{"last_affected":"6dcfe3a9362ae5fcf18e5cfb59663e43446cd59c"},{"introduced":"0"},{"last_affected":"28961debfbfc906bca2580f37e21870d59ea90df"},{"introduced":"0"},{"last_affected":"30b53c9cc5d1bc8bce3c5d5cda7856e28098d18b"},{"introduced":"0"},{"last_affected":"197b188ea8bfdfd023b2da3b7572e9387568c500"},{"introduced":"0"},{"last_affected":"b80fa23ac0b292db84df84855141eb16a4e0fec0"},{"introduced":"0"},{"last_affected":"3213eb124e40b130e174ac3a91067e2b196788dd"},{"introduced":"0"},{"last_affected":"a323769143001d67fd1b3b4ba294e59accd09e0e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.0"},{"introduced":"0"},{"last_affected":"7.0.1"},{"introduced":"0"},{"last_affected":"7.0.2"},{"introduced":"0"},{"last_affected":"7.0.3"},{"introduced":"0"},{"last_affected":"7.0.4"},{"introduced":"0"},{"last_affected":"8.0.0"},{"introduced":"0"},{"last_affected":"8.1.0"}]}}],"versions":["2011.3","2013.1.g3","2013.2.b2","2013.2.rc1","2014.1.b1","2014.1.b2","2014.1.b3","2014.1.rc1","2014.2","2014.2.b1","2014.2.b2","2014.2.b3","2014.2.rc1","2014.2.rc2","2014.2.rc3","2015.1.0","2015.1.0b1","2015.1.0b2","2015.1.0b3","2015.1.0rc1","2015.1.0rc2","2015.1.0rc3","7.0.0","7.0.0.0b1","7.0.0.0b2","7.0.0.0b3","7.0.0.0rc1","7.0.0.0rc2","7.0.0.0rc3","7.0.0a0","diablo-eol","essex-1","essex-3","folsom-1","folsom-3","grizzly-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5363.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}]}