Описание
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
A flaw was found in the Tuple Space Search (TSS) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0. This issue allows remote attackers to cause a denial of service via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache (Tuple Space Explosion (TSE) attack).
Отчет
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Fast Datapath for RHEL 7 | openvswitch | Will not fix | ||
| Fast Datapath for RHEL 7 | openvswitch2.10 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.12 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.13 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.12 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.13 | Affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.15 | Affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.16 | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS3
Связанные уязвимости
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache aka a Tuple Space Explosion (TSE) attack.
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.1 ...
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
EPSS
5.8 Medium
CVSS3