Unrated severityNVD Advisory· Published Oct 30, 2019· Updated Aug 4, 2024
CVE-2019-7620
CVE-2019-7620
Description
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.
Affected products
1Patches
21 file changed · +1 −1
docs/static/upgrading.asciidoc+1 −1 modified@@ -135,7 +135,7 @@ it before you upgrade. To drain the queue: -. In the logstash.yml file, set `queue.drain:true`. +. In the logstash.yml file, set `queue.drain: true`. . Restart Logstash for this setting to take effect. . Shutdown Logstash (using CTRL+C or SIGTERM), and wait for the queue to empty.
b1ac63cdba26doc: replace unicode non-breaking hyphen U+8211 with ASCII hyphen
1 file changed · +1 −1
docs/static/reloading-config.asciidoc+1 −1 modified@@ -9,7 +9,7 @@ command-line option specified. For example: [source,shell] ---------------------------------- -bin/logstash –f apache.config --config.reload.automatic +bin/logstash -f apache.config --config.reload.automatic ---------------------------------- NOTE: The `--config.reload.automatic` option is not available when you specify the `-e` flag to pass
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908mitrex_refsource_CONFIRM
- discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909mitrex_refsource_CONFIRM
- www.elastic.co/community/securitymitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.