Executive Summary

CVE-2026-49017 is a security vulnerability in OpenStack Swift's s3api middleware that causes an infinite loop when processing a truncated aws-chunked PUT request body.

Specifically, the StreamingInput class repeatedly appends empty buffers and re-reads, which causes the proxy-server worker handling the request to become permanently unresponsive with increasing CPU and memory usage.

This defect was introduced in Swift version 2.36.0 and affects versions before 2.36.2 and 2.37.2.

An authenticated attacker can exploit this by sending malformed or truncated aws-chunked payloads, triggering the infinite loop and causing denial of service.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can cause proxy-server workers in OpenStack Swift to become permanently unresponsive due to an infinite loop triggered by malformed aws-chunked PUT requests.

This leads to uncontrolled growth in CPU and memory consumption on the proxy server.

As a result, all proxy-server workers can be systematically exhausted, causing a denial of service (DoS) condition.

This can disrupt service availability until the affected processes are manually restarted or malicious accounts are suspended.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring proxy-server workers for unusually high CPU and memory usage, which indicates that a worker process may be stuck in an infinite loop caused by processing a truncated aws-chunked PUT request.

Since the issue arises from malformed or truncated aws-chunked payloads in authenticated requests, inspecting logs for repeated or failed aws-chunked PUT requests from authenticated users can help identify potential exploitation attempts.

Suggested commands to detect the issue include:

• Use system monitoring tools like 'top' or 'htop' to identify proxy-server worker processes with high CPU and memory consumption.
• Use 'ps aux | grep swift-proxy-server' to list proxy-server worker processes and check their resource usage.
• Check OpenStack Swift proxy logs for repeated aws-chunked PUT requests or errors related to truncated chunked input.
• Use network monitoring tools like 'tcpdump' or 'wireshark' to capture and analyze aws-chunked PUT requests to detect malformed or truncated payloads.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include suspending or disabling accounts that are suspected of sending malformed or truncated aws-chunked PUT requests to prevent further exploitation.

Restarting affected proxy-server worker processes will clear the infinite loop state and restore normal operation.

Applying patches or updates that fix the handling of truncated aws-chunked input, once available, is recommended to permanently resolve the vulnerability.

Useful 0 Not Useful 0