Resource exhaustion in Elastic Logstash

CVE-2019-7620

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.014 (80.8th percentile) — read the EPSS interpretation.

Affected products

Elastic Logstash — versions before 7.4.1 and 6.8.4

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

www.elastic.co/community/security (x_refsource_CONFIRM)
discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908 (x_refsource_CONFIRM)
discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909 (x_refsource_CONFIRM)