CVE-2025-68388

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68388

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68388.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68388

Aliases

Downstream

SUSE-SU-2026:0292-1

Related

Published

2025-12-18T22:16:02.683Z

Modified

2026-04-10T05:36:25.673351Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.

References

https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177

Affected packages

Git / github.com/elastic/beats

Affected ranges

Type

GIT

Repo

https://github.com/elastic/beats

Events

Introduced

561a3e1839f1a50ce832e8e114de399b2bee2542

Fixed

044579ba343a33f2594ab0af5d8778f23d813c7b

Introduced

42a721c925857c0d1f4160c977eb5f188e46d425

Fixed

18d7329ef5c55c5bb59ae4ddf55f08ff03e32600

Introduced

09b547febe1cc9102a5d3f80ac8fbf68a5fd84f5

Fixed

b95cc76490c9bb4184f98e0094be4af14b5d7bd2

Database specific

{
    "versions": [
        {
            "introduced": "8.6.0"
        },
        {
            "fixed": "8.19.9"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.1.9"
        },
        {
            "introduced": "9.2.0"
        },
        {
            "fixed": "9.2.3"
        }
    ]
}

Affected versions

v9.*

v9.2.0

v9.2.1

v9.2.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68388.json"