CVE-2016-10363: Uncaught Exception in Logstash

Severity: 7.5 HIGH (NVD)
EPSS: 0.6% (top 30.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 16
Latest update: May 13

Description

In Logstash versions prior to 2.3.3, when the Netflow Codec plugin is in use, a remote attacker could perform a denial-of-service attack on the Logstash instance by sending crafted Netflow v5, Netflow v9 or IPFIX packets. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: elastic/logstash 2.3.2
CVEListV5: elastic/logstash before 2.3.3

🔴 Vulnerability Details (2)

GHSA, 2022-05-13: GHSA-x36p-26r2-96m6: Logstash versions prior to 2
CVEList, 2017-06-16: CVE-2016-10363: Logstash versions prior to 2