Vulnerabilities > CVE-2015-7516 - NULL Pointer Dereference vulnerability in Onosproject Onos

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

onosproject

CWE-476

NVD

Published: 2017-08-24

Updated: 2017-08-30

Summary

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

Vulnerable Configurations

Part	Description	Count
Application	Onosproject Onosproject Onos 1.0.0 Onosproject Onos 1.0.1 Onosproject Onos 1.1.0 Onosproject Onos 1.2.0 Onosproject Onos 1.2.1 Onosproject Onos 1.2.2 Onosproject Onos 1.3.0 Onosproject Onos 1.4.0	18

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

http://www.openwall.com/lists/oss-security/2015/11/26/1
http://www.securityfocus.com/bid/77752
https://gerrit.onosproject.org/#/c/6137/
https://jira.onosproject.org/browse/ONOS-3349
https://wiki.onosproject.org/display/ONOS/Security+advisories