GHSA-2mj3-6grc-px38

Source

https://github.com/advisories/GHSA-2mj3-6grc-px38

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mj3-6grc-px38/GHSA-2mj3-6grc-px38.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2mj3-6grc-px38

Aliases

Related

CGA-m658-4ww5-36j3

Published

2025-12-19T00:31:42Z

Modified

2026-02-04T02:17:19.308779Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Details

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2025-12-18T22:16:02Z",
    "cwe_ids": [
        "CWE-120",
        "CWE-1284"
    ],
    "github_reviewed_at": "2025-12-19T21:04:09Z"
}

References

Affected packages

github.com/elastic/beats/v7

Package

Name: github.com/elastic/beats/v7; View open source insights on deps.dev
Purl: pkg:golang/github.com/elastic/beats/v7

Affected ranges

Type: SEMVER
Events: Introduced

7.7.0

Fixed

8.19.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mj3-6grc-px38/GHSA-2mj3-6grc-px38.json"

github.com/elastic/beats/v7

Package

Name: github.com/elastic/beats/v7; View open source insights on deps.dev
Purl: pkg:golang/github.com/elastic/beats/v7

Affected ranges

Type: SEMVER
Events: Introduced

9.0.0

Fixed

9.1.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mj3-6grc-px38/GHSA-2mj3-6grc-px38.json"

github.com/elastic/beats/v7

Package

Name: github.com/elastic/beats/v7; View open source insights on deps.dev
Purl: pkg:golang/github.com/elastic/beats/v7

Affected ranges

Type: SEMVER
Events: Introduced

9.2.0

Fixed

9.2.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mj3-6grc-px38/GHSA-2mj3-6grc-px38.json"

github.com/elastic/beats/v7

Package

Name: github.com/elastic/beats/v7; View open source insights on deps.dev
Purl: pkg:golang/github.com/elastic/beats/v7

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.0-alpha2.0.20251204214633-dd3af18220bf

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mj3-6grc-px38/GHSA-2mj3-6grc-px38.json"

github.com/elastic/beats

Package

Name: github.com/elastic/beats; View open source insights on deps.dev
Purl: pkg:golang/github.com/elastic/beats

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

7.6.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mj3-6grc-px38/GHSA-2mj3-6grc-px38.json"