ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HOnosproject Onos
APPOnosproject1.10.01.8.01.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2019-13624CRITICAL9.8ten sam produkt
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote...
CVE-2018-1000616CRITICAL9.8ten sam produkt
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\dri...
CVE-2018-1000614CRITICAL9.8ten sam produkt
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in provider...
CVE-2017-1000081CRITICAL9.8ten sam produkt
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote...
CVE-2018-1000615HIGH7.5ten sam produkt
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in ...