CVE-2019-25076

Name
CVE-2019-25076
Description
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://arxiv.org/abs/2011.09107
MISC https://www.youtube.com/watch?v=DSC3m-Bww64
MISC https://www.youtube.com/watch?v=5cHpzVK0D28
MISC https://sites.google.com/view/tuple-space-explosion
MISC https://dl.acm.org/citation.cfm?doid=3359989.3365431

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openvswitch:openvswitch:3.0.0:*:*:*:*:*:*:* openvswitch == None == 3.0.0
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* openvswitch >= 2.0.0 <= 2.17.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openvswitch edge-community 2.17.1-r1 Stuart Cardall <developer@it-offshore.co.uk> possibly vulnerable
openvswitch 3.16-community 2.17.1-r0 Stuart Cardall <developer@it-offshore.co.uk> possibly vulnerable