Have questions? Stuck? Please check our FAQ for some common questions and answers.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 25 Next »

  1. Security vulnerabilities fixed in ONOS
  2. Reporting security vulnerability in ONOS
  3. ONOS Security Response team

Security vulnerabilities fixed in ONOS

This page lists all security vulnerabilities fixed in ONOS. Each vulnerability is assigned a security impact rating on a four-point scale (low, moderate, important and critical). The versions that are affected by each vulnerability are also listed.

You can find the template demonstrating the structure of future advisories here.

[Important] [CVE-TBD] onos-of-ctl: Exception thrown while deserializing malformed packets

Description

Packet-ins coming from the dataplane can contain truncated or malformed packets. ONOS would throw an exception while attempting to deserialize these packets, which would result in the switch being disconnected because and exception occurred in an I/O thread. This opened a DoS vulnerability in ONOS, where an attacker could send malformed packets into the network and cause ONOS to disconnect switches.

See ONOS-605 for details.

Affected versions

ONOS 1.0.0 Avocet is confirmed to be affected.

Patch commit(s)

https://gerrit.onosproject.org/#/c/2207/

 

 

                                                                                        

 

  • No labels