7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-35139

GHSA ID

GHSA-4987-5p3p-9r27

EPSS Score

0.4171%

CWE

CWE-770

Published

8/11/2023

Updated

11/11/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-35139

CVE-2020-35139: FaucetSDN Ryu Denial of Service Vulnerability

An issue was discovered in OFPBundleCtrlMsg in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-35139

GHSA ID

GHSA-4987-5p3p-9r27

EPSS Score

0.4171%

CWE

CWE-770

Published

8/11/2023

Updated

11/11/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ryu	pip	<= 4.34

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The GitHub issue #118 explicitly identifies the OFPQueueGetConfigReply parser loop in ofproto_v1_3_parser.py as vulnerable when queue.len=0. Though the CVE description mentions OFPBundleCtrlMsg, the primary source (issue tracker) and code analysis confirm the loop in OFPQueueGetConfigReply's parser lacks validation for zero-length queue entries, directly causing the infinite loop described in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in `O*P*un*l**trlMs*` in `p*rs*r.py` in **u**tS*N Ryu v*rsion *.**, *llows r*mot* *tt**k*rs to **us* * **ni*l o* s*rvi** (*oS) (in*init* loop).

Reasoning

T** *it*u* issu* #*** *xpli*itly i**nti*i*s t** O*PQu*u***t*on*i*R*ply p*rs*r loop in o*proto_v*_*_p*rs*r.py *s vuln*r**l* w**n qu*u*.l*n=*. T*ou** t** *V* **s*ription m*ntions O*P*un*l**trlMs*, t** prim*ry sour** (issu* tr**k*r) *n* *o** *n*lysis *o

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-35139: FaucetSDN Ryu Denial of Service Vulnerability

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI