CVE-2018-1078

Published: Mar 16, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.

Affected (4)

Products: Opendaylight: Openflow

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Opendaylight Openflow	Up to carbon
Opendaylight Openflow	Version sp1
Opendaylight Openflow	Version sp2
Opendaylight Openflow	Version sp3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1533501

Source: secalert@redhat.com

Issue TrackingNot Applicable

https://jira.opendaylight.org/browse/OPNFLWPLUG-971

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1533501

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingNot Applicable

https://jira.opendaylight.org/browse/OPNFLWPLUG-971

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.