Description
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network..
Remediation
References
http://gms.cl0udz.com/OVSDB_DOS.pdf
https://gerrit.onosproject.org/#/c/18926/
Related Vulnerabilities
CVE-2020-28268 Vulnerability in npm package controlled-merge
CVE-2012-1833 Vulnerability in maven package org.grails:grails-plugin-controllers
CVE-2021-3666 Vulnerability in npm package body-parser-xml
CVE-2020-8237 Vulnerability in npm package json-bigint
CVE-2021-21252 Vulnerability in npm package jquery-validation