vulnerability
Ubuntu: (CVE-2019-25076): openvswitch vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Sep 8, 2022 | Jun 26, 2025 | Jun 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Sep 8, 2022
Added
Jun 26, 2025
Modified
Jun 27, 2025
Description
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
Solution
no-fix-ubuntu-package
References
- CVE-2019-25076
- https://attackerkb.com/topics/CVE-2019-25076
- URL-https://arxiv.org/abs/2011.09107
- URL-https://dl.acm.org/citation.cfm?doid=3359989.3365431
- URL-https://sites.google.com/view/tuple-space-explosion
- URL-https://www.cve.org/CVERecord?id=CVE-2019-25076
- URL-https://www.youtube.com/watch?v=5cHpzVK0D28
- URL-https://www.youtube.com/watch?v=DSC3m-Bww64
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.