The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
References
Link | Resource |
---|---|
https://arxiv.org/abs/2011.09107 | Third Party Advisory |
https://dl.acm.org/citation.cfm?doid=3359989.3365431 | Third Party Advisory |
https://sites.google.com/view/tuple-space-explosion | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=5cHpzVK0D28 | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=DSC3m-Bww64 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Sep 2022, 20:41
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://arxiv.org/abs/2011.09107 - Third Party Advisory | |
References | (MISC) https://www.youtube.com/watch?v=5cHpzVK0D28 - Exploit, Third Party Advisory | |
References | (MISC) https://dl.acm.org/citation.cfm?doid=3359989.3365431 - Third Party Advisory | |
References | (MISC) https://www.youtube.com/watch?v=DSC3m-Bww64 - Exploit, Third Party Advisory | |
References | (MISC) https://sites.google.com/view/tuple-space-explosion - Exploit, Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:openvswitch:openvswitch:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* |
|
First Time |
Openvswitch
Openvswitch openvswitch |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.8 |
08 Sep 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-08 23:15
Updated : 2023-12-10 14:35
NVD link : CVE-2019-25076
Mitre link : CVE-2019-25076
CVE.ORG link : CVE-2019-25076
JSON object : View
Products Affected
openvswitch
- openvswitch
CWE