Open Networking Foundation SD-RAN ONOS GetBitString Index Out-of-Range Panic Vulnerability
Vulnerability
An index out-of-range panic has been identified in 'onos-lib-go', the Open Networking Foundation SD-RAN ONOS library, at version 0.10.28. The issue is in the 'asn1/aper' package, in the 'GetBitString' function. When 'numBits' is zero, the function derives the output length in bytes from 'numBits' and then indexes the resulting byte buffer without first checking that any bits were requested, so the index falls outside the (empty) buffer. Go's bounds check catches the access and raises a runtime panic; because that check runs before any memory is touched, the consequence is a crash rather than an out-of-bounds memory read.
Impact
The index out-of-range error surfaces as a runtime panic, which terminates the process unless a caller recovers it. In a component that decodes attacker-supplied APER-encoded messages with this library, a single crafted message that reaches 'GetBitString' with 'numBits' equal to zero is therefore enough to crash the application, a denial of service.
Reproduction
The vulnerability can be reproduced directly by calling 'GetBitString' with 'numBits' set to zero from a Go program that imports 'onos-lib-go'. The same code is reachable through a decoder built on the library: calling 'EventTriggerDefinitionASN1toProto' with a crafted byte sequence drives the decoder to request a zero-length bit string and produces the same panic, which is the real-world trigger.
Remediation
Users are advised to update to the patched release of 'onos-lib-go' (later than 0.10.28) in which the zero-length case in 'GetBitString' is handled. Until the dependency is updated, callers that decode untrusted input should isolate the decoder, for example by recovering from panics at the decode call boundary, so that a crafted message returns an error instead of terminating the process.
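The following Go program is an added illustration written for this page, not code from 'onos-lib-go'. It models a simplified aligned-PER bit reader ('bitReader', 'getBitStringUnchecked', 'getBitString' and 'decodeSafely' are names chosen here, not the library's API) to show three things the sections above describe: how deriving the output length from 'numBits' and then indexing the last byte panics when 'numBits' is zero, the zero-length check that a fixed decoder needs (the exact form of the upstream patch is not stated on the page, so this is an assumed fix), and the recover-based guard a caller can use as a stop-gap while running an unpatched version. The sample input bytes are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// bitReader is a constructed, simplified model of an aligned-PER bit reader
// in the style of the onos-lib-go asn1/aper package. It is an illustration
// written for this page, not the library's code.
type bitReader struct {
	buf        []byte
	byteOffset uint // next byte to read
	bitsOffset uint // bits already consumed from buf[byteOffset], 0..7
}

// remaining reports how many unread bits are left in the input.
func (r *bitReader) remaining() uint {
	return uint(len(r.buf))*8 - (r.byteOffset*8 + r.bitsOffset)
}

// readInto copies numBits bits from the stream into dst, MSB first.
// The caller guarantees that numBits bits are available and dst is large enough.
func (r *bitReader) readInto(dst []byte, numBits uint) {
	for i := uint(0); i < numBits; i++ {
		bit := (r.buf[r.byteOffset] >> (7 - r.bitsOffset)) & 1
		dst[i>>3] |= bit << (7 - i%8)
		r.bitsOffset++
		if r.bitsOffset == 8 {
			r.bitsOffset = 0
			r.byteOffset++
		}
	}
}

// getBitStringUnchecked reproduces the failure pattern the advisory describes:
// the output length is derived from numBits and the final byte is indexed
// without first checking that any bits were requested. For numBits == 0,
// dstByteNum is 0, so dstByteNum-1 wraps around as a uint and the index
// expression panics with "index out of range". Go's bounds check stops it
// there: the result is a crash, not a read outside the slice.
func (r *bitReader) getBitStringUnchecked(numBits uint) ([]byte, error) {
	if numBits > r.remaining() {
		return nil, errors.New("aper: bit string exceeds remaining input")
	}
	dstByteNum := (numBits + 7) >> 3
	dst := make([]byte, dstByteNum)
	r.readInto(dst, numBits)
	// Clear any bits beyond numBits in the last byte. This is the step that
	// indexes the output buffer whether or not it is empty.
	dst[dstByteNum-1] &= 0xff << ((8 - numBits%8) % 8)
	return dst, nil
}

// getBitString is the hardened form (assumed fix, not necessarily the upstream
// patch): a zero-length BIT STRING is legal in ASN.1, so return an empty value
// instead of touching the empty output buffer.
func (r *bitReader) getBitString(numBits uint) ([]byte, error) {
	if numBits == 0 {
		return []byte{}, nil
	}
	return r.getBitStringUnchecked(numBits)
}

// decodeSafely is a caller-side mitigation for feeding untrusted bytes to an
// unpatched decoder: a decoder panic becomes an error, so one bad message does
// not take the whole process down. recover only catches panics on the calling
// goroutine, so the deferred function must wrap the decode call itself.
func decodeSafely(fn func() ([]byte, error)) (out []byte, err error) {
	defer func() {
		if rec := recover(); rec != nil {
			out, err = nil, fmt.Errorf("decoder panicked: %v", rec)
		}
	}()
	return fn()
}

func main() {
	// Constructed sample input: 0b10110000 0b11111111.
	input := []byte{0xB0, 0xFF}

	r := &bitReader{buf: input}
	v, err := r.getBitString(4)
	fmt.Printf("4 bits: %x err=%v\n", v, err)

	r = &bitReader{buf: input}
	_, err = decodeSafely(func() ([]byte, error) { return r.getBitStringUnchecked(0) })
	fmt.Println("unchecked, numBits=0:", err)

	r = &bitReader{buf: input}
	v, err = r.getBitString(0)
	fmt.Printf("hardened, numBits=0: %x err=%v\n", v, err)
}
```

Reading 4 bits from the sample yields 0xB0; the unchecked reader with zero bits panics and 'decodeSafely' reports it as an error, while the hardened reader returns an empty bit string. Note that 'decodeSafely' is a stop-gap only: it keeps the process alive but does nothing about the underlying defect, and it must wrap every decode entry point that handles untrusted input.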
