Description
Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
CVSS breakdown
CVSS 3.1
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Elastic / Packetbeat 7.0.0 – 7.17.29
- Elastic / Packetbeat 8.0.0 – 8.19.8
- Elastic / Packetbeat 9.0.0 – 9.1.8
- Elastic / Packetbeat 9.2.0 – 9.2.2
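
The description attributes the crash to truncated XDR-encoded RPC messages. The following is an added example, not Packetbeat's code or the vendor's fix: a bounds-checked XDR reader in Go that returns an error instead of slicing past the end of the buffer when a length word claims more data than the message holds. The `xdrReader` type, `ErrTruncated` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrTruncated is returned when the buffer ends before the encoded item does.
var ErrTruncated = errors.New("xdr: truncated message")

// xdrReader is a hypothetical bounds-checked cursor over one RPC message.
type xdrReader struct {
	buf []byte
	off int
}

// Uint32 reads one 4-byte big-endian XDR unsigned integer.
func (r *xdrReader) Uint32() (uint32, error) {
	if len(r.buf)-r.off < 4 {
		return 0, ErrTruncated
	}
	v := binary.BigEndian.Uint32(r.buf[r.off:])
	r.off += 4
	return v, nil
}

// Opaque reads a variable-length opaque: length word, data, zero padding to 4 bytes.
func (r *xdrReader) Opaque() ([]byte, error) {
	n, err := r.Uint32()
	if err != nil {
		return nil, err
	}
	remaining := uint64(len(r.buf) - r.off)
	padded := (uint64(n) + 3) &^ 3 // 64-bit math so n near 2^32 cannot wrap
	if padded > remaining {
		// Without this check the slice below would panic and crash the process.
		return nil, ErrTruncated
	}
	data := r.buf[r.off : r.off+int(n)]
	r.off += int(padded)
	return data, nil
}

func main() {
	// Constructed sample: length word claims 16 bytes, only 3 follow.
	truncated := []byte{0, 0, 0, 16, 'a', 'b', 'c'}
	_, err := (&xdrReader{buf: truncated}).Opaque()
	fmt.Println(err)
}
```
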