-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ryu | pip | <= 4.34 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from the OFPFlowMod message parser's instruction-processing loop in multiple OpenFlow version implementations (v1.3/v1.4/v1.5). The loop uses 'offset += i.len' to advance through the message buffer, but if an attacker provides an OFPInstruction with len=0 (via crafted OpenFlow packet), the offset never increments, creating an infinite loop. This is explicitly documented in GitHub Issue #188 and the Gist PoC, which identifies the affected code locations. The pattern repeats across version-specific parser files, making all three functions vulnerable.