CVE-2025-68382

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68382

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68382.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68382

Published

2025-12-18T22:16:02.233Z

Modified

2026-03-13T03:48:35.392234Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.

References

https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-31/384179

Affected packages

Git / github.com/elastic/beats

Affected ranges

Type

GIT

Repo

https://github.com/elastic/beats

Events

Introduced

da192b7d09af1d735cef19ea7816b8b8a5d4a323

Last affected

bb9ad7633fb96c506b9fe1723b91d82fc4fb6317

Introduced

2ab3a7334016f570e0bfc7e9a577a35a22e02df5

Fixed

044579ba343a33f2594ab0af5d8778f23d813c7b

Introduced

42a721c925857c0d1f4160c977eb5f188e46d425

Fixed

18d7329ef5c55c5bb59ae4ddf55f08ff03e32600

Introduced

09b547febe1cc9102a5d3f80ac8fbf68a5fd84f5

Fixed

b95cc76490c9bb4184f98e0094be4af14b5d7bd2

Database specific

{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.17.29"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.19.9"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.1.9"
        },
        {
            "introduced": "9.2.0"
        },
        {
            "fixed": "9.2.3"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68382.json"