Title: Integer Overflow Vulnerability in Linux Foundation ONOS Allows Unauthorized Flow Rule Installation

Title: Integer Overflow Vulnerability in Linux Foundation ONOS Allows Unauthorized Flow Rule Installation

CVE-2019-1010249 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.