CVE-2025-68383

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68383

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68383.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68383

Aliases

Downstream

SUSE-SU-2026:0292-1

Related

Published

2025-12-18T22:16:02.387Z

Modified

2026-04-10T05:35:06.031536Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.

References

https://discuss.elastic.co/t/filebeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-32/384180

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "7.0.0"
            },
            {
                "last_affected": "7.17.29"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.0"
            },
            {
                "fixed": "8.19.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "9.0.0"
            },
            {
                "fixed": "9.1.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "9.2.0"
            },
            {
                "fixed": "9.2.3"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68383.json"