CVE-2020-35139

7.5 HIGH

📋 TL;DR

CVE-2020-35139 is a denial-of-service vulnerability in Faucet SDN Ryu's parser.py where specially crafted OFPBundleCtrlMsg messages can trigger an infinite loop. This affects network administrators using Ryu SDN controllers version 4.34. Remote attackers can crash the controller by sending malicious OpenFlow messages.

💻 Affected Systems

Products:
  • Faucet SDN Ryu
Versions: Version 4.34 specifically
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the vulnerable parser.py component to process OpenFlow bundle control messages.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete controller crash leading to network downtime, loss of SDN control plane functionality, and disruption of all managed network traffic.

🟠 Likely Case

Controller becomes unresponsive, requiring manual restart and causing temporary network disruption until service is restored.

🟢 If Mitigated

Minimal impact with proper network segmentation and controller redundancy in place.

🌐 Internet-Facing: HIGH if controller is exposed to untrusted networks, as exploitation requires only network access.
🏢 Internal Only: MEDIUM as internal attackers or compromised internal systems could still exploit the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in the parser logic and can be triggered by sending specially crafted OpenFlow messages without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 4.34 (specifically fixed in subsequent commits)

Vendor Advisory: https://github.com/faucetsdn/ryu/issues/118

Restart Required: Yes

Instructions:

1. Update Ryu to a version after 4.34.
2. Check the GitHub issue for the specific fixing commits.
3. Restart the Ryu controller service after updating.

🔧 Temporary Workarounds

Network Segmentation

Restrict access to the Ryu controller's OpenFlow listener to trusted networks only. Replace trusted_network with your management subnet, and adjust the port if your controller listens on the IANA-assigned OpenFlow port 6653 rather than 6633.

# accept the trusted management network first, then drop everything else bound for the controller port
iptables -A INPUT -p tcp --dport 6633 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 6633 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with the Ryu controller
  • Deploy redundant controllers with load balancing to maintain service if one instance crashes

🔍 How to Verify

Check if Vulnerable:

Check Ryu version: if running version 4.34, the system is vulnerable. Review controller logs for infinite loop patterns or crashes.

Check Version:

ryu-manager --version

Verify Fix Applied:

After updating, verify the version is no longer 4.34 and test controller stability with normal OpenFlow traffic.

📡 Detection & Monitoring

Log Indicators:

  • Controller process consuming 100% CPU continuously
  • Repeated error messages about OFPBundleCtrlMsg parsing
  • Controller crash/restart events

Network Indicators:

  • Unusual volume of OpenFlow bundle control messages from single source
  • Controller becoming unresponsive to legitimate OpenFlow requests

SIEM Query:

source="ryu.log" AND ("OFPBundleCtrlMsg" OR "infinite loop" OR "100% CPU")
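A defender-side check that combines the version test from "How to Verify" with the log and network indicators listed above, as an added example that is not part of this advisory or the Ryu project. The log-line format (an `address:('ip', port)` suffix), the indicator strings and the per-source threshold are assumptions chosen for illustration.

```python
"""Exposure check for CVE-2020-35139: version test plus log-indicator scan.
Added example; log format, indicator strings and threshold are assumptions."""
import re
from collections import Counter

VULNERABLE_VERSION = "4.34"  # the only version the advisory names as affected

# Substrings the advisory lists as log indicators.
INDICATORS = ("OFPBundleCtrlMsg", "infinite loop", "100% CPU")

# Assumed shape of a datapath address inside a log line, e.g. "address:('10.0.0.7', 51234)".
ADDR_RE = re.compile(r"address:\('([\d.]+)', \d+\)")


def parse_ryu_version(output):
    """Extract the version number from `ryu-manager --version` output (assumed 'ryu-manager 4.34')."""
    m = re.search(r"\b(\d+\.\d+(?:\.\d+)?)\b", output)
    return m.group(1) if m else None


def is_vulnerable_version(version):
    """True only for the version the advisory names; anything else is treated as not affected."""
    return version == VULNERABLE_VERSION


def scan_log(lines, per_source_threshold=5):
    """Return indicator hits plus any source sending bundle-control messages above the threshold."""
    hits = []
    bundle_by_source = Counter()
    for line in lines:
        if any(ind in line for ind in INDICATORS):
            hits.append(line)
        if "OFPBundleCtrlMsg" in line:
            m = ADDR_RE.search(line)
            if m:
                bundle_by_source[m.group(1)] += 1
    noisy = {src: n for src, n in bundle_by_source.items() if n >= per_source_threshold}
    return {"hits": hits, "noisy_sources": noisy}


# Constructed sample lines for a stand-alone run; real Ryu messages differ.
SAMPLE_LINES = (
    ["INFO OFPHello received address:('10.0.0.2', 40001)"]
    + ["ERROR OFPBundleCtrlMsg parse failed address:('10.0.0.7', 51234)"] * 6
    + ["WARN OFPBundleCtrlMsg parse failed address:('10.0.0.2', 40001)"]
    + ["CRIT controller process at 100% CPU"]
)

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable_version(parse_ryu_version("ryu-manager 4.34")))
    print(scan_log(SAMPLE_LINES))
```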

🔗 References
