Impact
This issue may lead to a Denial Of Service. If a suitable gadget is available, then an attacker may also be able to exploit this vulnerability to gain pre-auth remote code execution.
Patches
The problem already patched in ZStack 3.10.12, 4.1.6 and all further versions.
Workarounds
We strongly suggest users upgrade to patched versions. If you could not upgrade at once, please avoid exposing ZStack API service to public or any other untrusty network.
For more information
If you have any questions or comments about this advisory:
Impact
This issue may lead to a Denial Of Service. If a suitable gadget is available, then an attacker may also be able to exploit this vulnerability to gain pre-auth remote code execution.
Patches
The problem already patched in ZStack 3.10.12, 4.1.6 and all further versions.
Workarounds
We strongly suggest users upgrade to patched versions. If you could not upgrade at once, please avoid exposing ZStack API service to public or any other untrusty network.
For more information
If you have any questions or comments about this advisory: