Description: A serialization vulnerability in the logback receiver component, part of
logback version 1.4.11, allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.5 | Impact: 4.0
Attack Vector: Local
Complexity: Low
Privileges: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High
Affected Packages (5 packages)
Ubuntu: logback < 1:1.1.3-2ubuntu0.1~esm1 (+3)
Vulnerability Details (6; 1 more not shown)
OSV: logback vulnerabilities (2025-07-02)
OSV: logback serialization vulnerability (2023-11-29)
GHSA: logback serialization vulnerability (2023-11-29)
CVEList: Logback "receiver" DOS vulnerability (2023-11-29)
OSV: CVE-2023-6378: A serialization vulnerability in logback receiver component part of logback version 1 (2023-11-29)
Vendor Advisories (5)
Ubuntu: logback vulnerabilities (2025-07-02)
Oracle: Oracle Communications Applications Risk Matrix: Patch (logback) — CVE-2023-6378 (2024-04-15)
Atlassian: CVE-2023-6378: DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server (2024-01-16)
Red Hat: logback: serialization vulnerability in logback receiver (2023-11-29)
Debian: CVE-2023-6378: logback - A serialization vulnerability in logback receiver component part of logback ver... (2023)