PT-2022-8294 · Unknown+2 · Openvswitch+2

Published: 2022-09-08 · Updated: 2023-10-22

CVE-2019-25076

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Open vSwitch versions 2.x through 2.17.2
Open vSwitch version 3.0.0

Description

The issue allows remote attackers to cause a denial of service, resulting in delays of legitimate traffic. This is achieved via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, also known as a Tuple Space Explosion (TSE) attack.

Recommendations

For Open vSwitch versions 2.x through 2.17.2, update to a version later than 2.17.2 to resolve the issue. For Open vSwitch version 3.0.0, update to a version later than 3.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the MegaFlow cache to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

ALT-PU-2023-1745
ALT-PU-2023-1806
AZL-10905
CVE-2019-25076
ROSA-SA-2023-2262

Affected Products

Alt Linux
Debian
Openvswitch