Home > Vulnerability Database > CVE-2019-15753

Mend.io Vulnerability Database

CVE-2019-15753

Date: August 28, 2019

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

Severity Score

9.1

Related Resources (10)

Url: https://review.opendev.org/672834

Url: http://www.openwall.com/lists/oss-security/2019/08/29/2

Url: https://security.openstack.org/ossa/OSSA-2019-004.html

Url: https://launchpad.net/bugs/1837252

Url: https://github.com/openstack/os-vif/commit/ec9d5430300c908ea9a1c64151eee7af522a44e7

Url: https://github.com/openstack/os-vif/commit/655c83d706f5de8a8cf23430782e065219297aef

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-15753

Url: https://review.opendev.org/678098

Url: https://github.com/openstack/os-vif

Url: https://www.mend.io/vulnerability-database/CVE-2019-15753

Severity Score

9.1

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-15753

Date: August 28, 2019

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?