OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Link | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1533501 | issue tracking not applicable |
https://jira.opendaylight.org/browse/OPNFLWPLUG-971 | third party advisory |