Description
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- Elastic / Packetbeat8.6.0 – 8.19.8
- Elastic / Packetbeat9.0.0 – 9.1.8
- Elastic / Packetbeat9.2.0 – 9.2.2