CVE-2025-68381

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68381

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68381.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68381

Published

2025-12-18T22:16:02.070Z

Modified

2026-03-13T03:48:34.522767Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.

References

https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-30/384178

Affected packages

Git / github.com/elastic/beats

Affected ranges

Type

GIT

Repo

https://github.com/elastic/beats

Events

Introduced

da192b7d09af1d735cef19ea7816b8b8a5d4a323

Last affected

bb9ad7633fb96c506b9fe1723b91d82fc4fb6317

Introduced

2ab3a7334016f570e0bfc7e9a577a35a22e02df5

Fixed

044579ba343a33f2594ab0af5d8778f23d813c7b

Introduced

42a721c925857c0d1f4160c977eb5f188e46d425

Fixed

18d7329ef5c55c5bb59ae4ddf55f08ff03e32600

Introduced

09b547febe1cc9102a5d3f80ac8fbf68a5fd84f5

Fixed

b95cc76490c9bb4184f98e0094be4af14b5d7bd2

Database specific

{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.17.29"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.19.9"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.1.9"
        },
        {
            "introduced": "9.2.0"
        },
        {
            "fixed": "9.2.3"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68381.json"