Vulnerability Details CVE-2016-10363
Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2016-10363
-
cpe:2.3:a:elastic:logstash:1.0.0
-
cpe:2.3:a:elastic:logstash:1.0.1
-
cpe:2.3:a:elastic:logstash:1.0.10
-
cpe:2.3:a:elastic:logstash:1.0.11
-
cpe:2.3:a:elastic:logstash:1.0.12
-
cpe:2.3:a:elastic:logstash:1.0.14
-
cpe:2.3:a:elastic:logstash:1.0.15
-
cpe:2.3:a:elastic:logstash:1.0.16
-
cpe:2.3:a:elastic:logstash:1.0.17
-
cpe:2.3:a:elastic:logstash:1.0.4
-
cpe:2.3:a:elastic:logstash:1.0.5
-
cpe:2.3:a:elastic:logstash:1.0.6
-
cpe:2.3:a:elastic:logstash:1.0.7
-
cpe:2.3:a:elastic:logstash:1.0.9
-
cpe:2.3:a:elastic:logstash:1.1.0
-
cpe:2.3:a:elastic:logstash:1.1.0.1
-
cpe:2.3:a:elastic:logstash:1.1.1
-
cpe:2.3:a:elastic:logstash:1.1.10
-
cpe:2.3:a:elastic:logstash:1.1.11
-
cpe:2.3:a:elastic:logstash:1.1.12
-
cpe:2.3:a:elastic:logstash:1.1.13
-
cpe:2.3:a:elastic:logstash:1.1.2
-
cpe:2.3:a:elastic:logstash:1.1.3
-
cpe:2.3:a:elastic:logstash:1.1.4
-
cpe:2.3:a:elastic:logstash:1.1.5
-
cpe:2.3:a:elastic:logstash:1.1.6
-
cpe:2.3:a:elastic:logstash:1.1.7
-
cpe:2.3:a:elastic:logstash:1.1.8
-
cpe:2.3:a:elastic:logstash:1.1.9
-
cpe:2.3:a:elastic:logstash:1.2.0
-
cpe:2.3:a:elastic:logstash:1.2.1
-
cpe:2.3:a:elastic:logstash:1.2.2
-
cpe:2.3:a:elastic:logstash:1.3.0
-
cpe:2.3:a:elastic:logstash:1.3.1
-
cpe:2.3:a:elastic:logstash:1.3.2
-
cpe:2.3:a:elastic:logstash:1.3.3
-
cpe:2.3:a:elastic:logstash:1.4.0
-
cpe:2.3:a:elastic:logstash:1.4.1
-
cpe:2.3:a:elastic:logstash:1.4.2
-
cpe:2.3:a:elastic:logstash:1.4.3
-
cpe:2.3:a:elastic:logstash:1.4.4
-
cpe:2.3:a:elastic:logstash:1.5.0
-
cpe:2.3:a:elastic:logstash:1.5.1
-
cpe:2.3:a:elastic:logstash:1.5.2
-
cpe:2.3:a:elastic:logstash:1.5.3
-
cpe:2.3:a:elastic:logstash:1.5.4
-
cpe:2.3:a:elastic:logstash:1.5.5
-
cpe:2.3:a:elastic:logstash:1.5.6
-
cpe:2.3:a:elastic:logstash:2.0.0
-
cpe:2.3:a:elastic:logstash:2.1.0
-
cpe:2.3:a:elastic:logstash:2.1.1
-
cpe:2.3:a:elastic:logstash:2.1.2
-
cpe:2.3:a:elastic:logstash:2.1.3
-
cpe:2.3:a:elastic:logstash:2.2.0
-
cpe:2.3:a:elastic:logstash:2.2.1
-
cpe:2.3:a:elastic:logstash:2.2.2
-
cpe:2.3:a:elastic:logstash:2.2.3
-
cpe:2.3:a:elastic:logstash:2.3.0
-
cpe:2.3:a:elastic:logstash:2.3.1
-
cpe:2.3:a:elastic:logstash:2.3.2