CVE-2019-25076

CWE-400Uncontrolled Resource Consumption8 documents8 sources
Severity
5.8MEDIUM
EPSS
0.7%
top 28.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvswitch Openvswitch
Timeline
PublishedSep 8
Latest updateOct 17

Description

The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDopenvswitch/openvswitch2.0.02.17.2+1

🔴Vulnerability Details

3
GHSA
GHSA-8ch8-jcmf-3gj4: The TSS (Tuple Space Search) algorithm in Open vSwitch 22022-09-09
CVEList
CVE-2019-25076: The TSS (Tuple Space Search) algorithm in Open vSwitch 22022-09-08
OSV
CVE-2019-25076: The TSS (Tuple Space Search) algorithm in Open vSwitch 22022-09-08

📋Vendor Advisories

3
Microsoft
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that req2022-09-13
Red Hat
openvswitch: DoS via crafted packet2022-09-09
Debian
CVE-2019-25076: openvswitch - The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3....2019

💬Community

1
Bugzilla
CVE-2019-25076 openvswitch: DoS via crafted packet2022-10-17