Kashyap Thimmaraju

**Name of the Vulnerable Software and Affected Versions** ONOS versions prior to 1.5.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and switch disconnect, by sending two Ethernet frames with ether type Jumbo Frame (0x8870). **Recommendations** For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Open vSwitch version 2.5.0 **Description** A malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in the function `miniflow extract` in `lib/flow.c`, permitting remote bypass of the access control list enforced by the switch. **Recommendations** For Open vSwitch version 2.5.0, consider disabling the `miniflow extract` function in `lib/flow.c` as a temporary workaround until a patch is available. Restrict access to the switch to minimize the risk of exploitation.