CVE-2016-10363
HIGHLogstash < 2.3.3 - Denial of Service via Netflow Codec Plugin
Title source: llmDescription
Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.elastic.co/community/security
Scores
CVSS v3
7.5
EPSS
0.0132
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-248
CWE-404
Status
published
Products (2)
elastic/logstash
< 2.3.2
Elastic/Logstash
before 2.3.3
Published
Jun 16, 2017
Tracked Since
Feb 18, 2026