PT-2019-7085 · Open Floodlight · Open Floodlight Sdn Controller

Published 2019-10-23 · Updated 2019-10-30 · CVE-2014-2304

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Open Floodlight SDN controller software version 0.90

Description

A flaw in OpenFlow protocol processing could result in a denial of service attack and crashing of the controller service. This is caused by specific malformed and mistimed FEATURES REPLY messages, which prevent the controller service from deleting switch and port data from its internal tracking structures.

Recommendations

For version 0.90, consider disabling the OpenFlow protocol processing until a patch is available to prevent exploitation of the flaw. Restrict access to the controller service to minimize the risk of a denial of service attack. Avoid using malformed and mistimed FEATURES REPLY messages in the affected OpenFlow protocol processing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2014-2304

Affected Products

Open Floodlight Sdn Controller