PYSEC-2026-1882

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ryu/PYSEC-2026-1882.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1882
Aliases
Published
2026-07-07T11:45:41.438464Z
Modified
2026-07-07T17:47:02.240102310Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Ryu Infinite Loop vulnerability
Details

OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0.

References

Affected packages

PyPI / ryu

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
4.34

Affected versions

0.*
0.2
1.*
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
2.*
2.0
2.1
2.2
3.*
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.15
3.17
3.18
3.19
3.20
3.20.1
3.20.2
3.22
3.23
3.23.1
3.23.2
3.24
3.25
3.25.1
3.26
3.29
3.29.1
3.30
4.*
4.0
4.1
4.2
4.2.1
4.2.2
4.3
4.4
4.5
4.6
4.7
4.8
4.8.1
4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.29
4.30
4.31
4.32
4.33
4.34

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ryu/PYSEC-2026-1882.yaml"