Lucene search

MitreCVE-2017-13763

HistoryAug 30, 2017 - 12:29 a.m.

CVE-2017-13763

2017-08-3000:29:00

CWE-770

mitre

web.nvd.nist.gov

cve-2017-13763

onos

memory allocation

netty payload

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%

JSON

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.

Affected configurations

Nvd

Node

onosprojectonosMatch1.8.0

onosprojectonosMatch1.9.0

onosprojectonosMatch1.10.0

VendorProductVersionCPE
onosprojectonos1.8.0cpe:2.3:a:onosproject:onos:1.8.0:*:*:*:*:*:*:*
onosprojectonos1.9.0cpe:2.3:a:onosproject:onos:1.9.0:*:*:*:*:*:*:*
onosprojectonos1.10.0cpe:2.3:a:onosproject:onos:1.10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
onosproject	onos	1.8.0	cpe:2.3:a:onosproject:onos:1.8.0:::::::*
onosproject	onos	1.9.0	cpe:2.3:a:onosproject:onos:1.9.0:::::::*
onosproject	onos	1.10.0	cpe:2.3:a:onosproject:onos:1.10.0:::::::*

References

gerrit.onosproject.org/#/c/13831/

gerrit.onosproject.org/#/c/14318/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%

JSON

Related for CVE-2017-13763