Description
Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.
CVSS breakdown
CVSS 3.1
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Elastic / Packetbeat 7.0.0 – 7.17.29
- Elastic / Packetbeat 8.0.0 – 8.19.8
- Elastic / Packetbeat 9.0.0 – 9.1.8
- Elastic / Packetbeat 9.2.0 – 9.2.2