CVE-2017-13763
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.34%
Description
Open Network Operating System (ONOS) versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated, because the NettyMessagingManager payload size is not limited. ONOS nodes time out when trying to connect to the cluster in a VM test cluster, leading to a potential denial of service.
How to fix CVE-2017-13763
To remediate CVE-2017-13763, upgrade the affected package to a fixed version below.
- Upgrade to 1.11.0 or later
Is CVE-2017-13763 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.8.0, < 1.11.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |