4 matches found
CVE-2017-1000411
CVE-2017-1000411 affects OpenFlow Plugin and OpenDaylight Controller (Nitrogen, Carbon, Boron) with a flaw where multiple expired flows consume memory in CONFIG DATASTORE, causing the controller to shutdown once JVM/resource limits are reached. The issue arises when idle-timeout and hard-timeout ...
CVE-2018-1078
CVE-2018-1078 affects OpenDayLight Carbon SR3 and earlier. During node reconciliation, all flows (active and inactive) may be reinstalled in the switch upon reconnection, causing timers for those flows to be reset. This can result in traffic flows that should be expired (or expiring soon) being r...
CVE-2015-1611
The OpenFlow plugin for OpenDaylight (before Helium SR3) is affected by LLDP spoofing via fake LLDP injections, enabling remote attackers to spoof the SDN topology and disrupt data flow. Affected component: openflowplugin in OpenDaylight; root cause: reuse/fake LLDP packets. Impact: topology spoo...
CVE-2015-1612
The CVE-2015-1612 issue affects the OpenFlow plugin for OpenDaylight (before Helium SR3). It enables LLDP-related spoofing of the SDN topology that can affect data flow. Affected component: openflowplugin in OpenDaylight; root cause: reuse of LLDP packets leading to topology spoofing (LLDP Relay)...