CVE-2020-35139
Description
An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2020-35139 describes an infinite loop in Faucet SDN Ryu's parser.py OFPBundleCtrlMsg handling, enabling remote DoS.
This vulnerability affects the OFPBundleCtrlMsg parser in parser.py within the Faucet SDN Ryu framework version 4.34. The flawed parsing logic does not properly handle malformed or specially crafted messages, causing the parser to enter an infinite loop when processing certain inputs. The root cause lies in the absence of bounds checking or termination conditions for specific packet sequences, as observed in similar issues with the OFPQueueGetConfigReply parser when queue length is zero [1][3].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ryuPyPI | <= 4.34 | — |
Affected products
2- Faucet SDN/Ryudescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-4987-5p3p-9r27ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-35139ghsaADVISORY
- github.com/faucetsdn/ryu/issues/118ghsaWEB
News mentions
0No linked articles in our index yet.