You can find the template demonstrating the structure of future advisories here.
[Important] [CVE-2015-1166] onos-of-ctl: denial-of-service (DoS) due to exception handling while deserializing malformed packets
Packet-ins coming from the dataplane can contain truncated or malformed packets. It was found that the packet deserializers in ONOS would throw exceptions when handling malformed, truncated or maliciously-crafted packets. The exceptions were not caught and handled, which would result in the relevant switch being disconnected because an exception occurred in an I/O thread. A remote unauthenticated attacker could use this flaw to perform a denial-of-service (DoS) attack by sending malformed packets into the network and causing ONOS to disconnect switches. See ONOS-605 for more details.
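The failure mode described above, as an added Java example that is not ONOS code: a parser that throws an unchecked exception on a truncated frame, next to a handler that validates the length and contains parser failures so the bad packet is dropped instead of the exception reaching the I/O thread. The class name, method names and sample frames are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;

// Added illustration; class and method names are hypothetical, not ONOS APIs.
public class PacketInDemo {
    static final int ETH_HEADER_LEN = 14; // dst MAC (6) + src MAC (6) + EtherType (2)

    // Naive parser: assumes a full Ethernet header is present. On a truncated
    // frame it throws an unchecked exception (BufferUnderflowException, or
    // IllegalArgumentException when the frame is shorter than 12 bytes).
    static int parseEtherType(byte[] frame) {
        ByteBuffer bb = ByteBuffer.wrap(frame);
        bb.position(12);                // skip both MAC addresses
        return bb.getShort() & 0xFFFF;  // read the 16-bit EtherType
    }

    // Unsafe handler: any parser exception escapes to the caller. When the
    // caller is the switch's I/O thread, the connection is torn down.
    static void handleUnsafe(byte[] frame) {
        System.out.printf("EtherType 0x%04x%n", parseEtherType(frame));
    }

    // Hardened handler: check the length first, then contain any remaining
    // parser failure so one bad packet-in is dropped, not the connection.
    static boolean handleSafe(byte[] frame) {
        if (frame == null || frame.length < ETH_HEADER_LEN) {
            System.out.println("dropped: truncated frame");
            return false;
        }
        try {
            System.out.printf("EtherType 0x%04x%n", parseEtherType(frame));
            return true;
        } catch (RuntimeException e) {  // defence in depth for nested parsers
            System.out.println("dropped: " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        byte[] ok = new byte[ETH_HEADER_LEN];  // constructed sample: full header
        ok[12] = 0x08;                         // EtherType 0x0800 (IPv4)
        byte[] truncated = new byte[13];       // constructed sample: one byte short

        handleSafe(ok);
        handleSafe(truncated);
        try {
            handleUnsafe(truncated);
        } catch (RuntimeException e) {
            System.out.println("unsafe path: exception reached the I/O loop: " + e);
        }
    }
}
```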
A patched build will be released shortly.
This issue was reported by Charles M.C. Chan and Jonathan Hart.