-
Notifications
You must be signed in to change notification settings - Fork 0
/
CRSA-2015-0007.yaml
27 lines (19 loc) · 982 Bytes
/
CRSA-2015-0007.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
title: 'ONOS: denial-of-service (DoS) due to exception handling while deserializing jumbo frames'
description: 'It was found that the packet deserializers in ONOS would throw exceptions when handling malformed, truncated or maliciously-crafted packets. The exceptions were not caught and handled, which would result in the relevant switch being disconnected because an exception occurred in an I/O thread. A remote unauthenticated attacker could use this flaw to perform a denial-of-service (DoS) attack by causing ONOS to disconnect switches.'
references:
- https://wiki.onosproject.org/display/ONOS/Security+advisories
affected-products:
- product: ONOS
version:
- id: 1.3.0
component: onos
issues:
- 143
patches:
- https://gerrit.onosproject.org/#/c/6137/
vulnerabilities:
- cve-id: CVE-2015-7516
reporters:
- name: 'Kashyap Thimmaraju, Liron Schiff and Dr. Stefan Schmid'
reported:
- CVE-2015-7516