Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jNnA3LXZodzctcmM5d84AASD0
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
Open Network Operating System (ONOS) versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated because the NettyMessagingManager payload size is not limited. ONOS nodes time out when trying to connect to the cluster in a VM test cluster, leading to a potential denial of service.
Permalink: https://github.com/advisories/GHSA-c6p7-vhw7-rc9w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNnA3LXZodzctcmM5d84AASD0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 7 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-c6p7-vhw7-rc9w, CVE-2017-13763
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-13763
- https://gerrit.onosproject.org/#/c/13831/
- https://gerrit.onosproject.org/#/c/14318/
- https://github.com/opennetworkinglab/onos/commit/f7c7f6f229978fe4e78045069a4485504cc108c4
- https://jira.onosproject.org/browse/ONOS-6401
- https://github.com/advisories/GHSA-c6p7-vhw7-rc9w
Blast Radius: 1.0
Affected Packages
maven:org.onosproject:onos-base
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 1.8.0, <= 1.10.0
Fixed in: 1.11.0
All affected versions:
All unaffected versions: