CVE-2016-10363

EPSS 0.6%
Veröffentlicht 16.06.2017 21:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle bressers@elastic.co
CVE-Watchlists
Login
Unerledigt
Login

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elastic ≫ Logstash Version <= 2.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.668

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://www.elastic.co/community/security

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-10363

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10363

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10363

EUVD