Bug 1519845 (CVE-2017-1000411)
Summary: | CVE-2017-1000411 opendaylight: Controller denial-of-service due to "expired" flows taking up the memory resource of CONFIG DS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | apevec, chrisw, jhershbe, jjoyce, jpadman, jschluet, kbasil, lhh, lpeer, markmc, mburns, mkolesni, nyechiel, rbryant, sclewis, security-response-team, slinaber, tdecacqu |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
Multiple "expired" flows consume memory resources of CONFIG DS which leads to Controller shutdown.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-01-16 21:27:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1519848 |
Description
Adam Mariš
2017-12-01 14:40:24 UTC
Acknowledgments: Name: Vaibhav Hemant Dixit Statement: OpenDaylight was released as a technical preview in Red Hat Openstack Platform versions 12 and under. Additionally, upstream have released an advisory outlining recommended actions, they will not be patching against this Denial of Service vector. |