CVE-2017-13763 – org.onosproject:onos-base
Package
Manager: maven
Name: org.onosproject:onos-base
Vulnerable Version: >=1.8.0 <1.11.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00341 (percentile: 0.5613)
Details
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
Open Network Operating System (ONOS) versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated, because the NettyMessagingManager payload size is not limited. ONOS nodes time out when trying to connect to the cluster in a VM test cluster, leading to a potential denial of service.
Metadata
Created: 2022-05-13T01:43:15Z
Modified: 2023-10-10T15:44:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c6p7-vhw7-rc9w/GHSA-c6p7-vhw7-rc9w.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-c6p7-vhw7-rc9w
Finding: F002
Auto approve: 1