Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-6378

Опубликовано: 29 нояб. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.

Отчет

The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
A-MQ Clients 2logbackNot affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch6-rhel8Not affected
Migration Toolkit for Applications 6logbackWill not fix
Migration Toolkit for Applications 7logbackAffected
Migration Toolkit for RuntimeslogbackNot affected
OpenShift ServerlesslogbackWill not fix
Red Hat build of Apache Camel for Spring Boot 3logbackWill not fix
Red Hat build of Debezium 2logbackWill not fix
Red Hat Build of KeycloaklogbackNot affected
Red Hat build of OptaPlanner 8logbackAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-499
https://bugzilla.redhat.com/show_bug.cgi?id=2252230logback: serialization vulnerability in logback receiver

EPSS

Процентиль: 70%
0.00652
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-6378

CVSS3: 7.1
ubuntu
больше 1 года назад

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

nvd логотип

CVE-2023-6378

CVSS3: 7.1
nvd
больше 1 года назад

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

debian логотип

CVE-2023-6378

CVSS3: 7.1
debian
больше 1 года назад

A serialization vulnerability in logback receiver component part of l ...

github логотип

GHSA-vmq6-5m68-f53m

CVSS3: 7.1
github
больше 1 года назад

logback serialization vulnerability

fstec логотип

BDU:2023-09017

CVSS3: 7.1
fstec
больше 1 года назад

Уязвимость компонента logback receiver библиотеки логирования logback, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 70%
0.00652
Низкий

7.5 High

CVSS3