Описание
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
Open Network Operating System, ONOS, versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated because the NettyMessagingManager payload size is not limited. ONOS nodes timeout when trying to connect to the cluster in vm test cluster, leading to a potential denial of service.
Пакеты
Наименование
org.onosproject:onos-base
maven
Затронутые версииВерсия исправления
>= 1.8.0, <= 1.10.0
1.11.0
Связанные уязвимости
CVSS3: 7.5
nvd
больше 8 лет назад
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.