Miggo Logo
Miggo Vulnerability Database
CVE-2024-34489

CVE-2024-34489: Ryu Infinite Loop vulnerability

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-34489
GHSA ID
GHSA-59p2-v62x-gxj8
EPSS Score
0.71412%
CWE
CWE-835
Published
5/5/2024
Updated
7/3/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
ryupip<= 4.34

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The GitHub issue #195 explicitly shows the vulnerable loop in OFPHello.parser() where length=0 input prevents offset advancement. The CWE-835 mapping confirms this is an infinite loop scenario. The code structure matches the described vulnerability mechanism, and the provided PoC demonstrates the exploit path through OFPHello message handling.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`O*P**llo` in p*rs*r.py in **u**t S*N Ryu *.** *llows *tt**k*rs to **us* * **ni*l o* s*rvi** (in*init* loop) vi* `l*n*t*=*`.

Reasoning

T** *it*u* issu* #*** *xpli*itly s*ows t** vuln*r**l* loop in `O*P**llo.p*rs*r()` w**r* l*n*t*=* input pr*v*nts o**s*t **v*n**m*nt. T** *W*-*** m*ppin* *on*irms t*is is *n in*init* loop s**n*rio. T** *o** stru*tur* m*t***s t** **s*ri*** vuln*r**ility