VDB

CVE-2019-25076

CVE-2019-25076 PUBLISHED

The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

EPSS 0.67% · 71.8th percentile

Risk Scores

EPSS Score
0.67%
71.8th percentile

Affected Products

VendorProductVersions
Ubuntu:25.10openvswitch3.5.0-1build1, 3.6.0-2, 0
Ubuntu:24.04:LTSopenvswitch3.3.0~git20240118.e802fe7-2, 3.3.0~git20240118.e802fe7-3, *
Ubuntu:22.04:LTSopenvswitch*, 0, 2.16.0-0ubuntu2
Ubuntu:20.04:LTSopenvswitch2.13.8-0ubuntu1, 0, 2.12.0-0ubuntu1
Ubuntu:Pro:16.04:LTSopenvswitch2.5.9-0ubuntu0.16.04.2, 2.4.0-0ubuntu5, 2.5.0~git20160129.46a88d9-0ubuntu1
Ubuntu:Pro:18.04:LTSopenvswitch0, 2.8.0-0ubuntu2, 2.8.1-0ubuntu3

Exploit Intelligence

Timeline

  • Sep 8, 2022 CVE Published
  • Sep 9, 2022 EPSS Score
  • Oct 24, 2022 EPSS Score
  • Dec 8, 2022 EPSS Score
  • Jan 22, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 23, 2023 EPSS Score
  • Jun 7, 2023 EPSS Score
  • Jul 22, 2023 EPSS Score
  • Sep 5, 2023 EPSS Score
  • Oct 20, 2023 EPSS Score
  • Dec 4, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›