CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1000411
https://notcve.org/view.php?id=CVE-2017-1000411
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. • http://seclists.org/oss-sec/2018/q1/52 http://www.securityfocus.com/bid/102736 • CWE-404: Improper Resource Shutdown or Release •