Vulnerability Description
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
CVSS Score
5.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openvswitch | Openvswitch | >= 2.0.0, <= 2.17.2 |
References
- https://arxiv.org/abs/2011.09107 (Third Party Advisory)
- https://dl.acm.org/citation.cfm?doid=3359989.3365431 (Third Party Advisory)
- https://sites.google.com/view/tuple-space-explosion (Exploit, Third Party Advisory)
- https://www.youtube.com/watch?v=5cHpzVK0D28 (Exploit, Third Party Advisory)
- https://www.youtube.com/watch?v=DSC3m-Bww64 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-25076?
CVE-2019-25076 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that req...
How severe is CVE-2019-25076?
CVE-2019-25076 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-25076?
Check the references section above for vendor advisories and patch information. Affected products include: Openvswitch Openvswitch.