Ty3Gxo

**Name of the Vulnerable Software and Affected Versions** Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go version 0.8.12 **Description** The issue allows for infinite repetition of the processing of an error in the `Subscribe` function implementation for the subscribed indication stream. **Recommendations** For version 0.8.12, consider disabling the `Subscribe` function until a patch is available to prevent infinite error processing repetition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Networking Foundation SD-RAN ONOS onos-lib-go version 0.10.25 **Description** The issue is related to an index out-of-range condition in the `parseAlignBits` function. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For version 0.10.25, consider disabling the `parseAlignBits` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Networking Foundation SD-RAN ONOS onos-lib-go version 0.10.25 **Description** The issue allows an index out-of-range condition in `putBitString`. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For version 0.10.25, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Networking Foundation SD-RAN Rimedo rimedo-ts version 0.1.1 **Description** The issue is related to a slice bounds out-of-range panic in the "return plmnIdString[0:3], plmnIdString[3:]" line in reader.go. This indicates a problem with how the `plmnIdString` is being sliced, potentially leading to a crash. **Recommendations** For version 0.1.1, consider modifying the line in reader.go to properly handle the slicing of `plmnIdString` to prevent the out-of-range panic. As a temporary workaround, consider adding error checking to ensure that `plmnIdString` is of sufficient length before attempting to slice it.

**Name of the Vulnerable Software and Affected Versions** Open Networking Foundation SD-RAN Rimedo rimedo-ts version 0.1.1 **Description** The issue is related to a slice bounds out-of-range panic in the code. Specifically, the problem occurs in the line "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in the reader.go file. This suggests a potential error in handling byte arrays, which could lead to unexpected behavior or crashes. **Recommendations** For Open Networking Foundation SD-RAN Rimedo rimedo-ts version 0.1.1, consider modifying the reader.go file to properly handle slice bounds and prevent out-of-range panics. As a temporary workaround, consider adding error checking code to ensure that the byte array `b` has at least 3 elements before attempting to access `b[0]`, `b[1]`, and `b[2]`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.