Vulnerability Description
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Logstash | >= 6.0.0, < 6.8.4 |
Related Weaknesses (CWE)
References
- https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908Vendor Advisory
- https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909Vendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
- https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908Vendor Advisory
- https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909Vendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
FAQ
What is CVE-2019-7620?
CVE-2019-7620 is a vulnerability with a CVSS score of 7.5 (HIGH). Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could ...
How severe is CVE-2019-7620?
CVE-2019-7620 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7620?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic Logstash.