CVE-2018-1078

Опубликовано: 16 мар. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1533501
Issue Tracking
Not Applicable
https://jira.opendaylight.org/browse/OPNFLWPLUG-971
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1533501
Issue Tracking
Not Applicable
https://jira.opendaylight.org/browse/OPNFLWPLUG-971
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:opendaylight:openflow:*:*:*:*:*:opendaylight:*:*

Версия до carbon (включая)

cpe:2.3:a:opendaylight:openflow:sp1:*:*:*:*:opendaylight:*:*

cpe:2.3:a:opendaylight:openflow:sp2:*:*:*:*:opendaylight:*:*

cpe:2.3:a:opendaylight:openflow:sp3:*:*:*:*:opendaylight:*:*

EPSS

Процентиль: 58%

0.00369

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-1078

CVSS3: 4.8

redhat

почти 8 лет назад

GHSA-fq54-gw3q-6v86