| Vulnerability Name: | CVE-2019-25076 (CCN-235841) | ||||||||||||
| Assigned: | 2020-12-10 | ||||||||||||
| Published: | 2020-12-10 | ||||||||||||
| Updated: | 2022-09-13 | ||||||||||||
| Summary: | The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack. | ||||||||||||
| CVSS v3 Severity: | 5.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L) 5.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:U/RC:R)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-25076 Source: MISC Type: Third Party Advisory https://arxiv.org/abs/2011.09107 Source: MISC Type: Third Party Advisory https://dl.acm.org/citation.cfm?doid=3359989.3365431 Source: XF Type: UNKNOWN openvswitch-cve201925076-dos(235841) Source: MISC Type: Exploit, Third Party Advisory https://sites.google.com/view/tuple-space-explosion Source: CCN Type: Open vSwitch Web site Open vSwitch Source: MISC Type: Exploit, Third Party Advisory https://www.youtube.com/watch?v=5cHpzVK0D28 Source: CCN Type: YouTube Web site The Discrepancy of the Megaflow Cache in OVS, Final Episode Source: MISC Type: Exploit, Third Party Advisory https://www.youtube.com/watch?v=DSC3m-Bww64 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||