CVE-2023-6378 HIGH

Published: 2023-11-29 | Last Modified: 2024-11-29 | Status: Modified

Description

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Additional Descriptions (1)

Una vulnerabilidad de serialización en el componente receptor de inicio de sesión de la versión 1.4.11 permite a un atacante montar un ataque de Denegación de Servicio mediante el envío de datos envenenados.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-502

Affected Products

Vendor	Product	Version	Update	Type
qos	logback	*	<built-in method update of dict object at 0x72a9af7d79c0>	Application
qos	logback	*	<built-in method update of dict object at 0x72a9cdf01cc0>	Application
qos	logback	*	<built-in method update of dict object at 0x72a9cc580e00>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:qos:logback::::::::`
Yes	`cpe:2.3:a:qos:logback::::::::`
Yes	`cpe:2.3:a:qos:logback::::::::`

References

https://logback.qos.ch/news.html#1.3.12
Source: [email protected]

Release Notes
https://logback.qos.ch/news.html#1.3.12
Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes
https://security.netapp.com/advisory/ntap-20241129-0012/
Source: af854a3a-2127-422b-91ae-364da2661108