CVE-2022-29606

Name of the Vulnerable Software and Affected Versions ONOS version 2.5.1

Description An issue was discovered where an intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network.

Recommendations For ONOS version 2.5.1, consider restricting the use of large port numbers in intents to minimize inconsistencies between intent and flow rules until a fix is available. As a temporary workaround, review and adjust intent configurations to avoid large port numbers.