Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.elastic.co/community/security |
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2017-06-16T21:00:00
Updated: 2024-08-06T03:21:51.334Z
Reserved: 2017-05-02T00:00:00
Link: CVE-2016-10363
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-06-16T21:29:00.430
Modified: 2019-10-09T23:16:38.010
Link: CVE-2016-10363
Redhat
No data.