CVE-2025-30077: onos-lib-go allows an index out-of-range panic

March 16, 2025 (updated March 17, 2025)

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

References

github.com/advisories/GHSA-jrqj-6vq2-7r63
github.com/onosproject/onos-lib-go
github.com/onosproject/onos-lib-go/commit/55579ffad35f59a5945c7861d944cd57a3b4b3d0
github.com/onosproject/onos-lib-go/issues/295
nvd.nist.gov/vuln/detail/CVE-2025-30077

Detect and mitigate CVE-2025-30077 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →