5.3

CVE-2025-68388

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ElasticsearchPacketbeat Version >= 8.6.0 < 8.19.9
ElasticsearchPacketbeat Version >= 9.0.0 < 9.1.9
ElasticsearchPacketbeat Version >= 9.2.0 < 9.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.223
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@elastic.co 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177
Vendor Advisory