Due to a ransomware attack, the wiki was reverted to a July 2022 version. . We apologize for the lack of a more recent valid backup.
- Security vulnerabilities fixed in ONOS
- Reporting security vulnerability in ONOS
- ONOS Security Response team
Security vulnerabilities fixed in ONOS
This page lists all security vulnerabilities fixed in ONOS. Each vulnerability is assigned a security impact rating on a four-point scale (low, moderate, important and critical). The versions that are affected by each vulnerability are also listed.
You can find the template demonstrating the structure of advisories here.
[Important] [CVE-2015-1166] onos-of-ctl: denial-of-service (DoS) due to exception handling while deserializing malformed packets
Description
It was found that the packet deserializers in ONOS would throw exceptions when handling malformed, truncated or maliciously-crafted packets. The exceptions were not caught and handled, which would result in the relevant switch being disconnected because an exception occurred in an I/O thread. A remote unauthenticated attacker could use this flaw to perform a denial-of-service (DoS) attack by causing ONOS to disconnect switches. See ONOS-605 for more details.
Affected versions
ONOS 1.0.0 Avocet is confirmed to be affected.
Patch commit(s)
https://gerrit.onosproject.org/#/c/2207/
Patched versions
Avocet 1.0.1 contains the fix and this patched build is available here. Release Notes for Avocet 1.0.1 are available here.
Credit
This issue was reported by Charles M.C. Chan and Jonathan Hart.