exploitDog

CVE-2014-2304

Опубликовано: 23 окт. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.

Ссылки

http://dovernetworks.com/wp-content/uploads/2014/03/OpenFloodlight-03052014.pdf
Exploit
Third Party Advisory
http://dovernetworks.com/wp-content/uploads/2014/03/OpenFloodlight-03052014.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectfloodlight:open_sdn_controller:0.90:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-x4h9-gj8q-g5vf

CVSS3: 7.5

github

больше 3 лет назад

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20