High severityNVD Advisory· Published Nov 29, 2023· Updated Nov 29, 2024
Logback "receiver" DOS vulnerability
CVE-2023-6378
Description
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ch.qos.logback:logback-classicMaven | >= 1.3.0, < 1.3.12 | 1.3.12 |
ch.qos.logback:logback-classicMaven | >= 1.4.0, < 1.4.12 | 1.4.12 |
ch.qos.logback:logback-coreMaven | >= 1.3.0, < 1.3.12 | 1.3.12 |
ch.qos.logback:logback-coreMaven | >= 1.4.0, < 1.4.12 | 1.4.12 |
ch.qos.logback:logback-coreMaven | < 1.2.13 | 1.2.13 |
ch.qos.logback:logback-classicMaven | < 1.2.13 | 1.2.13 |
Affected products
137- osv-coords136 versionspkg:apk/chainguard/cassandra-4.0pkg:apk/chainguard/cassandra-4.0-compatpkg:apk/chainguard/cassandra-4.1pkg:apk/chainguard/cassandra-4.1-compatpkg:apk/chainguard/cassandra-4.1-iamguarded-compatpkg:apk/chainguard/cassandra-5.0pkg:apk/chainguard/cassandra-5.0-compatpkg:apk/chainguard/cassandra-5.0-entrypoint-compatpkg:apk/chainguard/cassandra-5.0-iamguarded-compatpkg:apk/chainguard/cassandra-fips-4.0pkg:apk/chainguard/cassandra-fips-4.0-compatpkg:apk/chainguard/cassandra-fips-4.1pkg:apk/chainguard/cassandra-fips-4.1-compatpkg:apk/chainguard/cassandra-fips-5.0pkg:apk/chainguard/cassandra-fips-5.0-compatpkg:apk/chainguard/cqlsh-5.0pkg:apk/chainguard/cqlsh-fips-5.0pkg:apk/chainguard/stargatepkg:apk/chainguard/tezpkg:apk/chainguard/trinopkg:apk/chainguard/trino-configpkg:apk/chainguard/trino-oci-entrypointpkg:apk/chainguard/trino-plugin-accumulopkg:apk/chainguard/trino-plugin-atoppkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-example-httppkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-geospatialpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kinesispkg:apk/chainguard/trino-plugin-kudupkg:apk/chainguard/trino-plugin-local-filepkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mlpkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-mysql-event-listenerpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-raptor-legacypkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-teradata-functionspkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/chainguard/zookeeper-3.8pkg:apk/chainguard/zookeeper-3.9pkg:apk/chainguard/zookeeper-bitnami-3.8-compatpkg:apk/chainguard/zookeeper-bitnami-3.9-compatpkg:apk/wolfi/cassandra-4.1pkg:apk/wolfi/cassandra-4.1-compatpkg:apk/wolfi/cassandra-5.0pkg:apk/wolfi/cassandra-5.0-compatpkg:apk/wolfi/cassandra-5.0-entrypoint-compatpkg:apk/wolfi/cassandra-5.0-iamguarded-compatpkg:apk/wolfi/cqlsh-5.0pkg:apk/wolfi/tezpkg:apk/wolfi/trinopkg:apk/wolfi/trino-configpkg:apk/wolfi/trino-oci-entrypointpkg:apk/wolfi/trino-plugin-accumulopkg:apk/wolfi/trino-plugin-atoppkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-example-httppkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-geospatialpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kinesispkg:apk/wolfi/trino-plugin-kudupkg:apk/wolfi/trino-plugin-local-filepkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mlpkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-mysql-event-listenerpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-raptor-legacypkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-teradata-functionspkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:apk/wolfi/zookeeper-3.8pkg:apk/wolfi/zookeeper-3.9pkg:apk/wolfi/zookeeper-bitnami-3.8-compatpkg:apk/wolfi/zookeeper-bitnami-3.9-compatpkg:maven/ch.qos.logback/logback-classicpkg:maven/ch.qos.logback/logback-corepkg:rpm/opensuse/logback&distro=openSUSE%20Tumbleweed
< 0+ 135 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 5.0.6-r3
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.0.78-r2
- (no CPE)range: < 0.10.4-r6
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 3.8.3.0-r7
- (no CPE)range: < 3.9.1.0-r7
- (no CPE)range: < 3.8.3.0-r7
- (no CPE)range: < 3.9.1.0-r7
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 5.0.6-r3
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.10.4-r6
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 434-r0
- (no CPE)range: < 3.8.3.0-r7
- (no CPE)range: < 3.9.1.0-r7
- (no CPE)range: < 3.8.3.0-r7
- (no CPE)range: < 3.9.1.0-r7
- (no CPE)range: >= 1.3.0, < 1.3.12
- (no CPE)range: >= 1.3.0, < 1.3.12
- (no CPE)range: < 1.2.13-1.1
- QOS.CH Sarl/logbackv5Range: 1.4.12
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-vmq6-5m68-f53mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-6378ghsaADVISORY
- github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1ebghsaWEB
- github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731ghsaWEB
- github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3ghsaWEB
- github.com/qos-ch/logback/issues/745ghsaWEB
- logback.qos.ch/manual/receivers.htmlghsaWEB
- logback.qos.ch/news.htmlghsaWEB
- logback.qos.ch/news.htmlghsaWEB
- security.netapp.com/advisory/ntap-20241129-0012ghsaWEB
News mentions
0No linked articles in our index yet.