CVE-2015-6569
Description
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in the LoadBalancer module of Floodlight Controller before 1.2 allows remote attackers to cause a denial of service via state manipulation.
Vulnerability
A race condition exists in the LoadBalancer module of the Atlassian Floodlight Controller prior to version 1.2. The bug occurs when concurrent state manipulation operations are performed without proper synchronization, leading to a NULL pointer dereference and thread crash. The affected versions are all releases before Floodlight v1.2 [1][2].
Exploitation
An attacker with network access to the Floodlight controller can exploit this vulnerability by sending a sequence of state manipulation requests to the LoadBalancer module. The race window is triggered when multiple requests are processed concurrently, causing the module to access a NULL pointer. No authentication is required, and the attack can be launched remotely [1].
Impact
Successful exploitation results in a NULL pointer dereference that crashes the affected thread, leading to a denial of service (DoS) condition. The controller may become unresponsive or unstable, disrupting network management and forwarding operations [1][2].
Mitigation
The vulnerability is fixed in Floodlight v1.2, released on February 7, 2016 [2]. Users should upgrade to v1.2 or later. The fix is implemented in pull request #563, which adds proper synchronization to the LoadBalancer module [1]. No workarounds are documented; upgrading is the recommended mitigation.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.2
- Range: <1.2
Patches
- 729c4bb36f7a
References
- www.securityfocus.com/bid/103132 (mitre, vdb-entry, x_refsource_BID)
- floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/24805419/Floodlight+v1.2 (mitre, x_refsource_CONFIRM)
- github.com/floodlight/floodlight/pull/563 (mitre, x_refsource_CONFIRM)