VYPR
Moderate severity · NVD Advisory · Published May 5, 2024 · Updated Nov 20, 2024

CVE-2024-34487

Description

OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An infinite loop vulnerability in Ryu SDN framework's OFPFlowStats parser allows denial of service via a crafted OpenFlow message with inst.length=0.

Vulnerability

Description

The vulnerability resides in the OFPFlowStats parser within ofproto_v1_3_parser.py of the Faucet SDN Ryu framework (version 4.34). When parsing OpenFlow instruction sets, the code uses a while loop that decrements inst_length by inst.len. If inst.len is zero, the loop never terminates, causing an infinite loop and CPU exhaustion [1]. This is triggered by a malformed OFPFlowStats reply where an instruction has a length field of zero.
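The loop shape described above, as an added illustration that is not Ryu's own code: a minimal OpenFlow-style instruction header (uint16 type, uint16 len), a walk of the list in the "subtract inst.len until nothing remains" form with a step budget added only so it returns, and a hardened parser that treats forward progress as a precondition and rejects any length field too small to advance the offset. The sample instruction lists are constructed; the helper names and the MalformedInstruction class are assumptions of this example.

```python
import struct

# OpenFlow 1.3-style instruction header: type (uint16), len (uint16), big-endian.
# Only the fixed-length prefix matters for the length-walk, so bodies are opaque here.
INST_HEADER = struct.Struct("!HH")


class MalformedInstruction(ValueError):
    """Raised when an instruction list cannot be walked safely (assumed name)."""


def walk_unguarded(buf: bytes, offset: int, inst_length: int, max_steps: int = 1000):
    """The loop pattern the advisory describes: decrement the remaining length
    by each instruction's len field. A step budget is added purely so this
    demonstration terminates; without it, a len of 0 never changes `offset` or
    `inst_length`, and the loop spins forever. Returns (steps taken, bytes left)."""
    steps = 0
    while inst_length > 0 and steps < max_steps:
        _inst_type, inst_len = INST_HEADER.unpack_from(buf, offset)
        offset += inst_len          # no progress when inst_len == 0
        inst_length -= inst_len
        steps += 1
    return steps, inst_length


def parse_instructions(buf: bytes, offset: int, inst_length: int):
    """Hardened walk: every instruction must be at least a full header long
    (so the offset always advances) and must fit inside the enclosing length.
    Returns a list of (type, len, body) tuples or raises MalformedInstruction."""
    end = offset + inst_length
    if end > len(buf):
        raise MalformedInstruction("declared instruction length exceeds buffer")
    insts = []
    while offset < end:
        if end - offset < INST_HEADER.size:
            raise MalformedInstruction("truncated instruction header")
        inst_type, inst_len = INST_HEADER.unpack_from(buf, offset)
        if inst_len < INST_HEADER.size:
            # Covers inst_len == 0: a header that cannot advance the cursor.
            raise MalformedInstruction(f"instruction len {inst_len} cannot make progress")
        if offset + inst_len > end:
            raise MalformedInstruction("instruction overruns enclosing length")
        body = buf[offset + INST_HEADER.size:offset + inst_len]
        insts.append((inst_type, inst_len, body))
        offset += inst_len
    return insts


def rejects(buf: bytes) -> bool:
    """True if the hardened parser refuses the whole buffer as an instruction list."""
    try:
        parse_instructions(buf, 0, len(buf))
    except MalformedInstruction:
        return True
    return False


# Constructed sample: GOTO_TABLE(type 1, len 8, table 5) + APPLY_ACTIONS(type 4, len 8).
GOOD_INSTS = INST_HEADER.pack(1, 8) + b"\x05\x00\x00\x00" + INST_HEADER.pack(4, 8) + b"\x00" * 4
# Same list, but the second header carries len = 0 (the condition named in the CVE).
ZERO_LEN_INSTS = INST_HEADER.pack(1, 8) + b"\x05\x00\x00\x00" + INST_HEADER.pack(4, 0) + b"\x00" * 4

if __name__ == "__main__":
    print("well-formed:", parse_instructions(GOOD_INSTS, 0, len(GOOD_INSTS)))
    print("unguarded walk of zero-len list (steps, bytes left):",
          walk_unguarded(ZERO_LEN_INSTS, 0, len(ZERO_LEN_INSTS)))
    print("hardened parser rejects zero-len list:", rejects(ZERO_LEN_INSTS))
```

On the well-formed list the unguarded walk finishes in two steps with nothing left; on the zero-length list it exhausts its budget with 8 bytes still "remaining", which is exactly the non-terminating state the advisory describes. The hardened version fails closed on the same input, so a single malformed reply costs one rejected message rather than the controller's CPU.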

Exploitation

An attacker can exploit this flaw by sending a specially crafted OpenFlow message to the Ryu controller (default port 6633). The PoC provided in the advisory demonstrates remote exploitation without authentication, as the vulnerable parser is invoked upon receiving the message [1]. The attack does not require any special privileges beyond network access to the controller.

Impact

Successful exploitation leads to a denial of service (DoS) as the Ryu controller becomes unresponsive, halting all network control operations managed by the SDN controller. This can disrupt traffic forwarding, policy enforcement, and network monitoring in environments relying on Ryu [1][2].

Mitigation

As of this advisory, the Ryu project is no longer maintained and no official patch exists [3]. Users are strongly advised to migrate to actively maintained alternatives such as OpenStack's os-ken. Workarounds include restricting network access to the OpenFlow port and deploying intrusion detection to filter malformed messages [2].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: ryu (PyPI)
Affected versions: <= 4.34
Patched versions: none

Affected products (2)

  • Faucet SDN / Faucet SDN Ryu (from the CVE description)
  • GHSA coordinates: range <= 4.34

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (3)

News mentions (0)

No linked articles in our index yet.