CVE-2017-13763
Published 2017-08-30
CVE-2017-13763: ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
Priority: P432 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.06% (60.3th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| onosproject | onos | — | — |
| onosproject | onos | — | — |
| onosproject | onos | — | — |
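CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |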
OSV
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
osv·2022-05-13
CVE-2017-13763 [HIGH] ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
Open Network Operating System (ONOS) versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated because the NettyMessagingManager payload size is not limited. ONOS nodes time out when trying to connect to the cluster in a VM test cluster, leading to a potential denial of service.
GHSA
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
ghsa·2022-05-13
CVE-2017-13763 [HIGH] CWE-770 ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
Open Network Operating System (ONOS) versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated because the NettyMessagingManager payload size is not limited. ONOS nodes time out when trying to connect to the cluster in a VM test cluster, leading to a potential denial of service.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.