GHSA-c6p7-vhw7-rc9w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c6p7-vhw7-rc9w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c6p7-vhw7-rc9w/GHSA-c6p7-vhw7-rc9w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c6p7-vhw7-rc9w
- Aliases
- Published
- 2022-05-13T01:43:15Z
- Modified
- 2023-11-08T03:58:55.007059Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
- Details
-
Open Network Operating System, ONOS, versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated because the NettyMessagingManager payload size is not limited. ONOS nodes timeout when trying to connect to the cluster in vm test cluster, leading to a potential denial of service.
- Database specific
{ "nvd_published_at": "2017-08-30T00:29:00Z", "cwe_ids": [ "CWE-770" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-26T18:31:56Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-13763
- https://github.com/opennetworkinglab/onos/commit/f7c7f6f229978fe4e78045069a4485504cc108c4
- https://gerrit.onosproject.org/#/c/13831
- https://gerrit.onosproject.org/#/c/14318
- https://github.com/opennetworkinglab/onos
- https://jira.onosproject.org/browse/ONOS-6401
Affected packages
Maven / org.onosproject:onos-base
Package
- Name
- org.onosproject:onos-base
- View open source insights on deps.dev
- Purl
- pkg:maven/org.onosproject/onos-base