User Impersonation

Overview org.onosproject:onos-core-net is an ONOS network control core subsystem. Affected versions of this package are vulnerable to User Impersonation through the manipulation of IP/MAC address mappings. An attacker can send crafted messages containing spoofed IP/MAC addresses, replacing those ...

org.onosproject:onos-drivers-arista (>=1.7.0 <=1.8.9), org.onosproject:onos-drivers-ciena (>=1.7.0 <=1.8.9) +13 more potentially affected by CVE-2023-41591 via org.onosproject:onos-core-net (>=1.7.0 <=2.5.7-rc2)

org.onosproject:onos-core-net MAVEN version =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.8.0, =1.7.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =3.0.0, =3.0.0, =3.0.0, =4.0.0-rc1 Source cves: CVE-2023-41591 Source advisory: SNYK:JAVA-ORGONOSPROJECT-10658543...

Denial Of Service (DoS) Through Null Pointer Dereference

onos-core-net is vulnerable to a denial of service DoS attack. The library does not properly process Ethernet frames, allowing a malicious user to pass a ethertype Jumbo Frame twice to the application to cause an exception, crashing it...