CVE-2025-68388

Medium CVSS: 5.3

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.

Vendor

Elasticsearch

Product

Packetbeat

CWE

CWE-770

Yayın Tarihi

2025-12-18 22:16:02

Güncelleme

2025-12-23 17:43:47

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-770 Packetbeat MEDIUM Elasticsearch 2025

Referanslar

https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177

Benzer Kayıtlar

Medium

CVE-2026-26933

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Ser…

Medium

CVE-2026-26932

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service…

Medium

CVE-2025-68381

Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (…

Medium

CVE-2025-68382

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the…