CVE-2021-38363
First published: Thu Apr 20 2023(Updated: )
An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ONF SD-RAN ONOS | =2.5.1 | |
| =2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-38363?
CVE-2021-38363 is classified as a medium severity vulnerability due to its impact on the intent management process within ONOS.
How do I fix CVE-2021-38363?
To mitigate CVE-2021-38363, it is recommended to upgrade to a later version of ONOS that addresses this issue.
What is affected by CVE-2021-38363?
CVE-2021-38363 specifically affects ONOS version 2.5.1.
What are the implications of CVE-2021-38363?
The implications of CVE-2021-38363 include the potential for intents to remain indefinitely in a pending state, possibly leading to memory exhaustion.
Is there a workaround for CVE-2021-38363?
Currently, there is no documented workaround for CVE-2021-38363 other than upgrading to a patched version of the software.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/opennetworking
- canonical/onf sd-ran onos
- version/onf sd-ran onos/2.5.1