Miggo Logo
Miggo Vulnerability Database
CVE-2017-13763

CVE-2017-13763: ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2017-13763
GHSA ID
GHSA-c6p7-vhw7-rc9w
EPSS Score
0.56199%
CWE
CWE-770
Published
5/13/2022
Updated
10/10/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.onosproject:onos-basemaven>= 1.8.0, <= 1.10.01.11.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two key issues:

  1. In MessageDecoder.java, the decode() method reads a 4-byte integer for payload length (contentLength) and allocates a buffer of that size without validation. This allows attackers to trigger massive memory allocations.
  2. In NettyMessagingManager.java, the server bootstrap configuration during connection setup (startAcceptingConnections) does not implement message size limits via Netty's decoder configuration (like LengthFieldBasedFrameDecoder with maxFrameLength), leaving the system vulnerable to oversized payload attacks. The patch focuses on timeouts but doesn't address payload size validation in these critical paths, leaving the root cause unmitigated in the analyzed code changes.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*n N*twork Op*r*tin* Syst*m, ONOS, v*rsions *.*.*, *.*.*, *n* *.**.* *o not r*stri*t t** *mount o* m*mory *llo**t** ****us* t** N*ttyM*ss**in*M*n***r p*ylo** siz* is not limit**. ONOS no**s tim*out w**n tryin* to *onn**t to t** *lust*r in vm t*st *

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s: *. In M*ss******o**r.j*v*, t** ***o**() m*t*o* r***s * *-*yt* int***r *or p*ylo** l*n*t* (*ont*ntL*n*t*) *n* *llo**t*s * *u***r o* t**t siz* wit*out v*li**tion. T*is *llows *tt**k*rs to tri***r m*ssiv* m*m