Skip to main content

Uncaught Exception

CVE-2015-1166

Severity High
Score 7.5/10

Summary

It was found that the packet deserializers in ONOS 1.0.0 Avocet would throw exceptions when handling malformed, truncated or maliciously-crafted packets. The exceptions were not caught and handled, which would result in the relevant switch being disconnected because an exception occurred in an I/O thread. A remote unauthenticated attacker could use this flaw to perform a denial-of-service (DoS) attack by causing ONOS to disconnect switches.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-248 - Uncaught Exception

An exception is thrown from a function, but it is not caught.

Advisory Timeline

  • Published