The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2
and 3.0.0 allows remote attackers to cause a denial of service (delays of
legitimate traffic) via crafted packet data that requires excessive
evaluation time within the packet classification algorithm for the MegaFlow
cache, aka a Tuple Space Explosion (TSE) attack.
Author | Note |
---|---|
mdeslaur | as of 2024-02-02, doesn’t appear to be an upstream fix available for this issue. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openvswitch | < any | UNKNOWN |
ubuntu | 20.04 | noarch | openvswitch | < any | UNKNOWN |
ubuntu | 22.04 | noarch | openvswitch | < any | UNKNOWN |
ubuntu | 23.10 | noarch | openvswitch | < any | UNKNOWN |
ubuntu | 24.04 | noarch | openvswitch | < any | UNKNOWN |
ubuntu | 16.04 | noarch | openvswitch | < any | UNKNOWN |
arxiv.org/abs/2011.09107
dl.acm.org/citation.cfm?doid=3359989.3365431
launchpad.net/bugs/cve/CVE-2019-25076
nvd.nist.gov/vuln/detail/CVE-2019-25076
security-tracker.debian.org/tracker/CVE-2019-25076
sites.google.com/view/tuple-space-explosion
www.cve.org/CVERecord?id=CVE-2019-25076
www.youtube.com/watch?v=5cHpzVK0D28
www.youtube.com/watch?v=DSC3m-Bww64