CVE request: DoS in ONOS when handling jumbo ethernet frames

[David Jorm <david.jorm () gmail com>]

It was found that ONOS would throw exceptions when handling jumbo ethernet
frames. The exceptions were not caught and handled, so a remote
unauthenticated attacker could use this flaw to perform a denial-of-service
attack against an ONOS system.

To exploit this issue, the attacker must be able to send a jumbo ethernet
frame to a switch controlled by ONOS. Only the connection between the
controller and the switch generating the packet-in message of the malicious
packet will be affected (disconnected). More details are available here:

https://jira.onosproject.org/browse/ONOS-3349

An advisory is now live with no CVE ID:

https://wiki.onosproject.org/display/ONOS/Security+advisories

Please assign a CVE ID to this issue. A request was sent to MITRE directly
9 days ago with no answer. We need a CVE ID within the next 24 hours.

Thanks
David Jorm on behalf of the ONOS security response team