CVE-2016-10363

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-10363

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10363.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10363

Published

2017-06-16T21:29:00.430Z

Modified

2026-04-10T03:47:26.323947Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

References

https://www.elastic.co/community/security

Affected packages

Git / github.com/elastic/logstash

Affected ranges

Type

GIT

Repo

https://github.com/elastic/logstash

Events

Introduced

Last affected

2b6800abad909c5a36ab50c915a606ccf3001d78

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.2"
        }
    ]
}

Affected versions

Other

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.14

v1.0.15

v1.0.16

v1.0.4

v1.0.6

v1.0.7

v1.0.9

v1.1.0beta7

v1.1.0beta9

v1.1.1-rc1

v1.1.10

v1.1.11

v1.1.12

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.0.beta1

v1.2.0.beta2

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.4.0.beta1

v1.4.1

v2.*

v2.3.0.snapshot2

v2.3.0.snapshot3

v2.3.0.snapshot5

v2.3.1

v2.3.1.snapshot1

v2.3.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10363.json"