GHSA-fj69-23m4-ccvv (CVE-2025-68388)

Details

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat.

Affected Packages

Gogithub.com/elastic/beats

Fixed in:

8.19.9

Gogithub.com/elastic/beats

Fixed in:

9.1.9

Gogithub.com/elastic/beats

Fixed in:

9.2.3

Gogithub.com/elastic/beats/v7

Fixed in:

7.0.0-alpha2.0.20251209162832-28cfc80d2f4e

References

WEBhttps://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177 ADVISORYhttps://github.com/advisories/GHSA-fj69-23m4-ccvv PACKAGEhttps://github.com/elastic/beats WEBhttps://github.com/elastic/beats/commit/28cfc80d2f4e80bfd1c72eb3f849d777751ab870 ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-68388

GHSA-fj69-23m4-ccvv

Details

Affected Packages

References

Aliases

CVSS Analysis

Related

Ecosystems

Timeline