CVE-2021-38363

Name of the Vulnerable Software and Affected Versions ONOS version 2.5.1

Description An issue was discovered in the IntentManager of ONOS. The install-requested intent, which causes an exception, remains in the pendingMap (in memory) forever. Deletion of this intent is not possible, neither by a user nor by the intermittent Intent Cleanup process.

Recommendations For ONOS version 2.5.1, as a temporary workaround, consider disabling the IntentManager or restricting its functionality until a patch is available. However, at the moment, there is no information about a newer version that contains a fix for this issue.