Code injection

2018-03-1620:29:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.4%

JSON

OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.

CPENameOperatorVersion
openfloweq3.0.0-sp
openfloweq2.0.0-sp
openfloweq1.0.0-sp

Name	Operator	Version
openflow	eq	3.0.0-sp
openflow	eq	2.0.0-sp
openflow	eq	1.0.0-sp

References

bugzilla.redhat.com/show_bug.cgi?id=1533501

jira.opendaylight.org/browse/OPNFLWPLUG-971