CVE-2016-10363

HIGH

Elastic Logstash < 2.3.2 - Improper Resource Release

Title source: rule

Description

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

References (1)

[Vendor Advisory] https://www.elastic.co/community/security

Scores

CVSS v3 7.5

EPSS 0.0060

EPSS Percentile 69.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-248 CWE-404

Status published

Products (2)

elastic/logstash < 2.3.2

Elastic/Logstash before 2.3.3

Published Jun 16, 2017

Tracked Since Feb 18, 2026