CVE-2024-57673
Description
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Floodlight v1.2, a crafted BDDP packet with a large controller ID triggers persistent link flooding, causing denial of service via Topology and LinkDiscovery modules.
Vulnerability
Floodlight v1.2 contains a vulnerability in the Topology Manager and LinkDiscovery modules where the controller broadcasts BDDP packets with Controller TLV values larger than its own Controller ID. This behavior persists and leads to link flooding if no corresponding controller with the large ID exists in the SDN network. The issue is described in the project's GitHub issue tracker [1].
Exploitation
An attacker with local network access can send a single crafted BDDP packet to a switch managed by Floodlight. The packet must contain a Controller TLV with an ID larger than the controller's own ID (e.g., using the hexadecimal value 18080fffffffffffffff). No authentication or user interaction is required; the attack can be executed using tools like Scapy to inject the packet onto the network.
Impact
Successful exploitation causes the controller to continuously broadcast BDDP packets, resulting in a link flooding denial of service. The flooding degrades network performance and can lead to connectivity loss across the SDN fabric. The effect persists indefinitely until the controller is restarted or the malicious traffic is blocked.
Mitigation
As of the publication date (2025-02-06), no official patch or fixed version has been released. The vulnerability is documented in the Floodlight GitHub repository [1]. Network administrators may consider filtering BDDP packets at the network edge or within the SDN switches to mitigate the attack, though no vendor-provided workaround is available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing validation of Controller TLV values in BDDP packets allows an attacker to trigger persistent link flooding."
Attack vector
An attacker on the network sends a single crafted BDDP packet with a large Controller ID value in the Controller TLV field (e.g., `0xffffffffffffffff`). The Floodlight controller receives this packet and instructs switches to broadcast it repeatedly, causing persistent link flooding. The attack requires only local network access to send one malformed BDDP packet [ref_id=1].
Affected code
The vulnerability resides in the Topology Manager and Link Discovery modules of Floodlight v1.2. The issue report [ref_id=1] identifies that the controller broadcasts BDDP packets containing a Controller TLV value greater than its own Controller ID, and this broadcast persists indefinitely when no matching controller exists in the SDN system.
What the fix does
No patch is provided in the bundle. The advisory [ref_id=1] describes the root cause: the controller does not validate the Controller ID in incoming BDDP packets before forwarding them. The expected remediation would involve the controller verifying that the Controller TLV value in a received BDDP packet matches its own Controller ID, and dropping packets with unexpected or oversized Controller IDs to prevent infinite broadcast loops.
Preconditions
- networkAttacker must have network access to a host connected to a switch managed by the Floodlight controller
- configThe SDN network must be running Floodlight v1.2 with the Topology Manager and Link Discovery modules active
- configNo other controller in the SDN system has a Controller ID matching the large value in the crafted packet
Reproduction
1. Start the Floodlight controller and Mininet: `java -jar target/floodlight.jar` and `sudo mn --switch=ovsk,protocols=OpenFlow13 --topo tree,3 --controller remote`. 2. On a Mininet host (e.g., h3), run `python3 poc.py` which sends a single BDDP packet with a crafted Controller TLV value of `0xffffffffffffffff`. 3. Observe via Wireshark that the malicious BDDP packet is flooded repeatedly across links, never stopping [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1News mentions
0No linked articles in our index yet.