CVE-2024-28732
Description
An issue discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34 allows remote attackers to cause a denial of service (DoS) via an infinite loop.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An infinite loop vulnerability in Ryu SDN framework's OFPMatch parser allows remote attackers to cause denial of service via a crafted OpenFlow message.
Vulnerability
Description
In Ryu SDN framework version 4.34, the OFPMatch parser in ofproto_v1_3_parser.py and other protocol parsers contains an infinite loop flaw. When parsing an OFPFlowMod message, an instruction with len set to zero causes the offset variable to not increment, resulting in an unbounded loop that consumes CPU resources [1][3].
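The loop shape described above, reduced to a stand-alone sketch (an added example, not Ryu's code): a parser that advances its offset by an untrusted len field, next to a version that rejects any len that cannot move the offset forward. The 4-byte type/len header layout, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Assumed record header: 16-bit type, 16-bit len, where len covers the header.
HEADER = struct.Struct("!HH")


class MalformedInstruction(ValueError):
    """Raised when a length field cannot describe a valid record."""


def parse_unchecked(buf, max_iterations=1000):
    """Trusts len. max_iterations exists only so this demo terminates.

    Returns (records, stalled); stalled is True if the loop never finished.
    """
    records, offset = [], 0
    for _ in range(max_iterations):
        if offset >= len(buf):
            return records, False
        type_, length = HEADER.unpack_from(buf, offset)
        records.append((type_, buf[offset + HEADER.size:offset + length]))
        offset += length  # len == 0 leaves offset unchanged
    return records, True


def parse_checked(buf):
    """Hardened loop: each len must cover the header and fit in the buffer."""
    records, offset = [], 0
    while offset < len(buf):
        remaining = len(buf) - offset
        if remaining < HEADER.size:
            raise MalformedInstruction(f"truncated header at offset {offset}")
        type_, length = HEADER.unpack_from(buf, offset)
        if length < HEADER.size:
            raise MalformedInstruction(
                f"len {length} at offset {offset} is shorter than the header")
        if length > remaining:
            raise MalformedInstruction(
                f"len {length} at offset {offset} overruns the buffer")
        records.append((type_, buf[offset + HEADER.size:offset + length]))
        offset += length  # now guaranteed to advance by at least HEADER.size
    return records


# Constructed sample input (not a captured OpenFlow message).
GOOD = HEADER.pack(1, 8) + b"\x00" * 4 + HEADER.pack(4, 8) + b"\xaa" * 4
ZERO_LEN = HEADER.pack(1, 8) + b"\x00" * 4 + HEADER.pack(4, 0) + b"\xaa" * 4
```

Rejecting the message at the first bad length, rather than skipping ahead by a guessed amount, keeps the parser from consuming attacker-chosen data as record boundaries.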
Exploitation
A remote attacker can exploit this vulnerability by sending a crafted OpenFlow message to the Ryu controller (default port 6633). No authentication is required; the attacker only needs network access to the controller. The PoC demonstrates sending a specially crafted packet that triggers the infinite loop, disrupting controller operation [3].
Impact
Successful exploitation leads to a denial of service (DoS) condition, rendering the SDN controller unresponsive and unable to process legitimate network management requests. This can disrupt network operations managed by the Ryu controller [1][4].
Mitigation
As of the advisory, the Ryu project is not currently maintained [2]. Users are advised to migrate to a maintained alternative such as OpenStack's os-ken. No patch is available for this vulnerability; affected versions include v4.34 and likely earlier versions across OpenFlow 1.3, 1.4, and 1.5 [3][4].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ryu (PyPI) | <= 4.34 | — |
Affected products
- Faucet SDN/Faucet SDN Ryu
Patches
No patches discovered yet.
References