Описание
Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat.
Пакеты
github.com/elastic/beats
>= 8.6.0, < 8.19.9
8.19.9
github.com/elastic/beats
>= 9.0.0, < 9.1.9
9.1.9
github.com/elastic/beats
>= 9.2.0, < 9.2.3
9.2.3
github.com/elastic/beats/v7
< 7.0.0-alpha2.0.20251209162832-28cfc80d2f4e
7.0.0-alpha2.0.20251209162832-28cfc80d2f4e
Связанные уязвимости
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
Allocation of resources without limits or throttling (CWE-770) allows ...