|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2024-28732: python-ryu: infinite loops in OpenFlow parsers | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Cloud Bugs <cloud-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | camila.matos, doreilly, robert.simai, security-team, stoyan.manolov |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/400737/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-28732:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | parse error exception | ||
|
Description
SMASH SMASH
2024-04-08 19:14:24 UTC
No patch for this issue seems to be available as of 2024-04-08. In the upstream README file it is possible to confirm that there are no current maintainers for this package ('PLEASE READ: RYU NOT CURRENTLY MAINTAINED').
Can't reproduce on devstack rocky. The openflow controller is the neutron-openvswitch-agent and it listens on 127.0.0.1:6633 - so not accessible to remote attackers. The packet in the reproducer causes a parse exception which causes the loop to exit. There is a bug in the exception handler, but no infinite loop. Created attachment 874160 [details]
parse error exception
Note: the neutron-openvswitch-agent continues to work fine after this. There is no denial of service, and no pegged cpus.
Checked soc8 and soc9. Both listen on localhost:6633. The reproducer in https://github.com/faucetsdn/ryu/issues/188 does not cause an infinite loop or denial of service of the neutron-openvswitch-agent openflow controller. |