Lucene search
Ubuntu.comUB:CVE-2019-25076HistorySep 08, 2022 - 12:00 a.m.
CVE-2019-25076
2022-09-0800:00:00
ubuntu.com
ubuntu.com
11
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2
and 3.0.0 allows remote attackers to cause a denial of service (delays of
legitimate traffic) via crafted packet data that requires excessive
evaluation time within the packet classification algorithm for the MegaFlow
cache, aka a Tuple Space Explosion (TSE) attack.
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2024-02-02, doesn’t appear to be an upstream fix available for this issue. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | openvswitch | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | openvswitch | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | openvswitch | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | openvswitch | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | openvswitch | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | openvswitch | < any | UNKNOWN |
References
arxiv.org/abs/2011.09107
dl.acm.org/citation.cfm?doid=3359989.3365431
launchpad.net/bugs/cve/CVE-2019-25076
nvd.nist.gov/vuln/detail/CVE-2019-25076
security-tracker.debian.org/tracker/CVE-2019-25076
sites.google.com/view/tuple-space-explosion
www.cve.org/CVERecord?id=CVE-2019-25076
www.youtube.com/watch?v=5cHpzVK0D28
www.youtube.com/watch?v=DSC3m-Bww64
Related
cvelist
cvelist
CVE-2019-25076
2022-09-08 22:08:42
alpinelinux
alpinelinux
CVE-2019-25076
2022-09-08 23:15:00
osv
osv
CVE-2019-25076
2022-09-08 23:15:10
prion
prion
Code injection
2022-09-08 23:15:00
nessus
nessus
CBL Mariner 2.0 Security Update: openvswitch (CVE-2019-25076)
2023-03-28 00:00:00
RHEL 7 : openvswitch (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : openvswitch (Unpatched Vulnerability)
2024-05-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-25076 affecting package openvswitch for versions less than 2.17.5-1
2023-01-20 06:36:23
CVE-2019-25076 affecting package openvswitch 2.15.7-1
2024-05-17 09:07:12
cve
cve
CVE-2019-25076
2022-09-08 23:15:00
redhatcve
redhatcve
CVE-2019-25076
2022-10-17 07:01:00
debiancve
debiancve
CVE-2019-25076
2022-09-08 23:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2262
2023-10-22 05:27:25