CVE-2016-10363

7.5HIGH

Key Information:

Vendor: Elastic
Status: Logstash
Vendor: CVE Published:; 16 June 2017

Summary

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

Affected Version(s)

Logstash before 2.3.3

References

https://www.elastic.co/community/security

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2017
Vulnerability Reserved
May 2, 2017