CVE-2019-7620 - OpenCVE

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Elastic	Logstash

Configuration 1 [-]

OR	cpe:2.3:a:elastic:logstash::::::::
	cpe:2.3:a:elastic:logstash::::::::

References

Link	Resource
https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908	Vendor Advisory
https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909	Vendor Advisory
https://www.elastic.co/community/security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: elastic

Published: 2019-10-30T13:38:40

Updated: 2019-10-30T13:38:40

Reserved: 2019-02-07T00:00:00

Link: CVE-2019-7620

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-30T14:15:11.457

Modified: 2020-10-09T12:55:34.820

Link: CVE-2019-7620

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Logstash", "vendor": "Elastic", "versions": [{"status": "affected", "version": "before 7.4.1 and 6.8.4"}]}], "descriptions": [{"lang": "en", "value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-30T13:38:40", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.elastic.co/community/security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2019-7620", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Logstash", "version": {"version_data": [{"version_value": "before 7.4.1 and 6.8.4"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://www.elastic.co/community/security", "refsource": "CONFIRM", "url": "https://www.elastic.co/community/security"}, {"name": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908", "refsource": "CONFIRM", "url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"}, {"name": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909", "refsource": "CONFIRM", "url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"}]}}}}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2019-7620", "datePublished": "2019-10-30T13:38:40", "dateReserved": "2019-02-07T00:00:00", "dateUpdated": "2019-10-30T13:38:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*", "matchCriteriaId": "D06ACA59-7534-4F89-9F61-2ECE90293176", "versionEndExcluding": "6.8.4", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*", "matchCriteriaId": "450C8263-B1E0-401C-BA4B-28A2A57CEFCB", "versionEndExcluding": "7.4.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding."}, {"lang": "es", "value": "Logstash versiones anteriores a 7.4.1 y 6.8.4, contienen un fallo de denegaci\u00f3n de servicio en el plugin de entrada de Logstash Beats. Un usuario no autenticado que puede ser capaz de conectarse a la entrada de latidos de Logstash podr\u00eda enviar un paquete de red especialmente dise\u00f1ado que causar\u00eda que Logstash deje de responder."}], "id": "CVE-2019-7620", "lastModified": "2020-10-09T12:55:34.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-30T14:15:11.457", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "bressers@elastic.co", "type": "Secondary"}]}