CVE-2019-7620

Published: Oct 30, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

Affected (2)

Products: Elastic: Logstash

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Elastic Logstash	From 6.0.0 to 6.8.4
Elastic Logstash	From 7.0.0 to 7.4.1

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908

Source: security@elastic.co

Vendor Advisory

https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909

Source: security@elastic.co

Vendor Advisory

https://www.elastic.co/community/security

Source: security@elastic.co

Vendor Advisory

https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.elastic.co/community/security

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.