VYPR
Moderate severity · NVD Advisory · Published May 5, 2024 · Updated Nov 20, 2024

CVE-2024-34484

Description

OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2024-34484: Faucet SDN Ryu 4.34 OFPBucket parser infinite loop via crafted action.len=0 causes denial of service.

CVE-2024-34484 is a denial-of-service (DoS) vulnerability in the Faucet SDN Ryu framework, version 4.34. The issue resides in the OFPBucket.parser method within /ryu/ofproto/ofproto_v1_3_parser.py. When parsing an OFPBucket, the method uses a while loop that increments offset and length by action.len for each parsed action. However, if an attacker sets action.len to zero, the loop never progresses, resulting in an infinite loop and resource exhaustion [1][3].
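
To make the loop condition concrete, here is an added example (not Ryu's own code) of a bounded action-list walker: it follows the OpenFlow 1.3 ofp_action_header layout (uint16 type, uint16 len covering the whole action, padded to a multiple of 8) and rejects a length that cannot advance the cursor, which is exactly the action.len=0 case that stalls the unpatched OFPBucket.parser. The sample byte strings are constructed for the example.

```python
# Added example, not code from Ryu: a length-validated action-list parser
# that cannot spin on action.len == 0.
import struct

# OpenFlow 1.3 ofp_action_header: type (uint16), len (uint16). len includes
# this header and any padding that makes the action 64-bit aligned.
ACTION_HDR = struct.Struct("!HH")
MIN_ACTION_LEN = ACTION_HDR.size  # 4 bytes: a valid len can never be smaller


class MalformedActionList(ValueError):
    """Raised instead of looping forever on a bogus action length."""


def parse_actions(buf, offset, total_len):
    """Walk the action list in buf[offset:offset + total_len].

    Returns a list of (action_type, action_len, body_bytes). Where the
    unpatched loop advanced by action.len unconditionally, this version
    validates each length before advancing, so every iteration moves the
    cursor forward by at least MIN_ACTION_LEN and the loop terminates.
    """
    end = offset + total_len
    if end > len(buf):
        raise MalformedActionList("action list runs past end of buffer")
    actions = []
    while offset < end:
        if end - offset < MIN_ACTION_LEN:
            raise MalformedActionList("truncated action header at %d" % offset)
        a_type, a_len = ACTION_HDR.unpack_from(buf, offset)
        # Core check: zero (or otherwise too small, unaligned, or overrunning)
        # lengths are rejected outright rather than fed back into offset.
        if a_len < MIN_ACTION_LEN or a_len % 8 != 0 or offset + a_len > end:
            raise MalformedActionList(
                "invalid action len %d at offset %d" % (a_len, offset))
        body = bytes(buf[offset + MIN_ACTION_LEN:offset + a_len])
        actions.append((a_type, a_len, body))
        offset += a_len  # guaranteed >= MIN_ACTION_LEN
    return actions


def is_well_formed(buf):
    """Convenience wrapper: True if the whole buffer parses as an action list."""
    try:
        parse_actions(buf, 0, len(buf))
        return True
    except MalformedActionList:
        return False


# Constructed samples: an OFPAT_OUTPUT action (type 0, len 16, port 1,
# max_len 0xFFFF, 6 pad bytes) and a header carrying the len=0 from the CVE.
OUTPUT_ACTION = struct.pack("!HHIH6x", 0, 16, 1, 0xFFFF)
ZERO_LEN_ACTION = struct.pack("!HH4x", 0, 0)
GOOD_LIST = OUTPUT_ACTION + OUTPUT_ACTION
BAD_LIST = OUTPUT_ACTION + ZERO_LEN_ACTION
```

Running `parse_actions(BAD_LIST, 0, len(BAD_LIST))` raises MalformedActionList at offset 16 instead of hanging.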

Exploitation

An attacker can trigger this vulnerability by sending a crafted OpenFlow message, specifically an OFPGroupDescStatsReply containing an OFPGroupDescStats structure with a malicious OFPBucket. The proof-of-concept (PoC) demonstrates sending such a packet to a Ryu controller listening on the default OpenFlow port (6633). No authentication is required to send OpenFlow messages; an attacker with network access to the controller can exploit this without prior credentials [3].

Impact

Successful exploitation causes the Ryu controller to enter an infinite loop, consuming 100% CPU and effectively halting processing of legitimate OpenFlow messages. This results in a denial of service for the controller, disrupting network operations and management in SDN environments relying on Ryu [1][3].

Mitigation

The Ryu project is no longer actively maintained. The GitHub repository states, 'RYU NOT CURRENTLY MAINTAINED' and recommends migrating to a maintained fork, such as OpenStack's os-ken [2]. No official patch is available for this CVE. Users of Ryu should consider migrating to the os-ken framework or implementing network-level filtering to block malformed OpenFlow messages from untrusted sources [2][3].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: ryu (PyPI)
Affected versions: <= 4.34
Patched versions: none listed

Affected products

  • Faucet SDN / Faucet SDN Ryu (from description)
  • GHSA coordinates: range <= 4.34

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.