Vulnerability Details : CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
Vulnerability category: Denial of service
Products affected by CVE-2019-25076
- cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
- cpe:2.3:a:openvswitch:openvswitch:3.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-25076
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-25076
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L |
3.9
|
1.4
|
NIST |
References for CVE-2019-25076
-
https://arxiv.org/abs/2011.09107
[2011.09107] On the Feasibility and Enhancement of the Tuple Space Explosion Attack against Open vSwitchThird Party Advisory
-
https://www.youtube.com/watch?v=5cHpzVK0D28
The Discrepancy of the Megaflow Cache in OVS Part II - YouTubeExploit;Third Party Advisory
-
https://dl.acm.org/citation.cfm?doid=3359989.3365431
Tuple space explosion | Proceedings of the 15th International Conference on Emerging Networking Experiments And TechnologiesThird Party Advisory
-
https://www.youtube.com/watch?v=DSC3m-Bww64
The Discrepancy of the Megaflow Cache in OVS, Final Episode - YouTubeExploit;Third Party Advisory
-
https://sites.google.com/view/tuple-space-explosion
Tuple Space ExplosionExploit;Third Party Advisory
Jump to