High severity · NVD Advisory · Published Aug 11, 2023 · Updated Oct 9, 2024

CVE-2020-35141

Description

An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34 that allows remote attackers to cause a denial of service (DoS) (infinite loop).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in Ryu SDN framework's OFPQueueGetConfigReply parser triggers an infinite loop denial-of-service via crafted OpenFlow replies.

Root Cause

CVE-2020-35141 is a denial-of-service vulnerability in the Faucet SDN Ryu framework version 4.34. The flaw resides in the OFPQueueGetConfigReply parser within parser.py (specifically in ofproto_v1_3_parser.py). The parser uses a while loop that increments an offset based on queue.len. If a crafted OpenFlow reply contains a queue with len=0, the offset never advances, causing the loop to run indefinitely [1][3].
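The loop shape described above, next to a length-checked version, as an added example that is not Ryu's or os-ken's code. The 16-byte record layout is a simplified stand-in for the OpenFlow 1.3 packet-queue header, and the function names and sample buffers are constructed for illustration.

```python
import struct

# Simplified stand-in for an OpenFlow 1.3 packet-queue header (assumption):
# queue_id (u32), port (u32), len (u16), 6 pad bytes = 16 bytes.
QUEUE_HDR = struct.Struct("!IIH6x")


def parse_queues_unchecked(buf, max_steps=1000):
    """Advance by the record's own len field, trusting it completely.
    max_steps exists only so this demo terminates; returns (queues, stalled)."""
    queues, offset, steps = [], 0, 0
    while offset + QUEUE_HDR.size <= len(buf):
        if steps == max_steps:
            return queues, True       # offset never advanced
        queue_id, port, length = QUEUE_HDR.unpack_from(buf, offset)
        queues.append((queue_id, port, length))
        offset += length              # len == 0 means no progress
        steps += 1
    return queues, False


def parse_queues_checked(buf):
    """Same walk, but every len must cover the header and fit in the buffer."""
    queues, offset = [], 0
    while offset < len(buf):
        remaining = len(buf) - offset
        if remaining < QUEUE_HDR.size:
            raise ValueError(f"truncated queue header at offset {offset}")
        queue_id, port, length = QUEUE_HDR.unpack_from(buf, offset)
        if length < QUEUE_HDR.size or length > remaining:
            raise ValueError(f"bad queue len {length} at offset {offset}")
        queues.append((queue_id, port, length))
        offset += length              # always >= 16, so the loop terminates
    return queues


def rejects(buf):
    """True if the checked parser refuses the buffer."""
    try:
        parse_queues_checked(buf)
    except ValueError:
        return True
    return False


# Constructed sample records (not captured traffic).
GOOD = QUEUE_HDR.pack(1, 3, 16) + QUEUE_HDR.pack(2, 3, 16)
ZERO_LEN = QUEUE_HDR.pack(1, 3, 0)
```

Rejecting the message with an error lets the caller drop it and keep serving the event loop, instead of spinning on a record that can never be consumed.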

Attack Vector

An attacker can exploit this by sending a specially crafted OFPQueueGetConfigReply message to a Ryu controller that processes the malformed queue configuration. The attack is remote; no authentication is required because the parser processes untrusted network data before any validation occurs [1].

Impact

The infinite loop consumes 100% CPU in the event loop, effectively crashing the controller process and stopping all network control operations. This constitutes a complete denial-of-service for the software-defined network controlled by the vulnerable Ryu instance [1].

Mitigation

The Ryu project is no longer actively maintained [2]. Users should migrate to the maintained OpenStack fork os-ken as no patched Ryu release is expected. There is no known workaround short of disabling the affected parser or upgrading to a different SDN framework [2][3].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package      Affected versions   Patched versions
ryu (PyPI)   <= 4.34

Affected products (2)

  • Faucet SDN/Ryu (description)
  • ghsa-coords
    Range: <= 4.34

Patches (0)

No patches discovered yet.

References (3)
