CVE-2023-6481

CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

7.5HIGH

EPSS

0.2%

top 54.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

QOS Logback

Timeline

PublishedDec 4

Latest updateJan 16

Description

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.5 | Impact: 4.0

Affected Packages2 packages

▶Mavench.qos.logback:logback-core1.4.13 — 1.4.14+2

▶NVDqos/logback1.2.12, 1.3.13, 1.4.13+2

🔴Vulnerability Details

CVEList

Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix↗2023-12-04

▶

OSV

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data↗2023-12-04

▶

GHSA

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data↗2023-12-04

▶

OSV

CVE-2023-6481: A serialization vulnerability in logback receiver component part of logback version 1↗2023-12-04

▶

📋Vendor Advisories

Atlassian

CVE-2023-6481: DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server↗2024-01-16

▶

Red Hat

logback: A serialization vulnerability in logback receiver↗2023-12-04

▶

Debian

CVE-2023-6481: logback - A serialization vulnerability in logback receiver component part of logback ver...↗2023

▶