CVE-2019-15753

Source
https://cve.org/CVERecord?id=CVE-2019-15753
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15753.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15753
Published
2019-08-28T21:15:10.943Z
Modified
2026-03-14T14:38:43.337721Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
[none]
Details

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

Affected packages

Git / github.com/openstack/os-vif

Affected ranges

Type
GIT
Repo
https://github.com/openstack/os-vif
Events
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "1.15.0"
        },
        {
            "fixed": "1.15.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.16.0"
        }
    ]
}

Affected versions

1.*
1.15.0
1.15.1
1.16.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15753.json"