kjw6855/gist:abeecc798d138b49537393e1fd3a5e96

## gistfile1.txt
[Description]
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.

------------------------------------------

[VulnerabilityType Other]
CWE-400: Uncontrolled Resource Consumption

------------------------------------------

[Vendor of Product]
Open Network Foundation

------------------------------------------

[Affected Product Code Base]
ONOS - 2.7.0

------------------------------------------

[Affected Component]
resources/basic.p4, java/org/onosproject/pipelines/basic/BasicInterpreterImpl.java in pipelines/basic/src/main
resources/fabric.p4, java/org/onosproject/pipelines/fabric/impl/behaviour/FabricInterpreter.java in pipelines/fabric/impl/src/main

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
flood malicious IPv4 packets that are not filtered by the P4 program (basic.p4 or fabric.p4), but failed in deserialization in ONOS core, which prevents applications from receiving other packets to register hosts and links.

------------------------------------------

[Reference]
https://wiki.onosproject.org/display/ONOS/Provider+Tutorial
https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675

------------------------------------------

[Discoverer]
Jiwon Kim
	[Description]
	An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.

	------------------------------------------

	[VulnerabilityType Other]
	CWE-400: Uncontrolled Resource Consumption

	------------------------------------------

	[Vendor of Product]
	Open Network Foundation

	------------------------------------------

	[Affected Product Code Base]
	ONOS - 2.7.0

	------------------------------------------

	[Affected Component]
	resources/basic.p4, java/org/onosproject/pipelines/basic/BasicInterpreterImpl.java in pipelines/basic/src/main
	resources/fabric.p4, java/org/onosproject/pipelines/fabric/impl/behaviour/FabricInterpreter.java in pipelines/fabric/impl/src/main

	------------------------------------------

	[Attack Type]
	Remote

	------------------------------------------

	[Impact Denial of Service]
	true

	------------------------------------------

	[Attack Vectors]
	flood malicious IPv4 packets that are not filtered by the P4 program (basic.p4 or fabric.p4), but failed in deserialization in ONOS core, which prevents applications from receiving other packets to register hosts and links.

	------------------------------------------

	[Reference]
	https://wiki.onosproject.org/display/ONOS/Provider+Tutorial
	https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675

	------------------------------------------

	[Discoverer]
	Jiwon Kim