High severityNVD Advisory· Published Dec 4, 2023· Updated Aug 2, 2024
Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix
CVE-2023-6481
Description
A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ch.qos.logback:logback-coreMaven | >= 1.4.13, < 1.4.14 | 1.4.14 |
ch.qos.logback:logback-coreMaven | >= 1.3.13, < 1.3.14 | 1.3.14 |
ch.qos.logback:logback-coreMaven | >= 1.2.12, < 1.2.13 | 1.2.13 |
Affected products
24- osv-coords23 versionspkg:apk/chainguard/cassandra-5.0pkg:apk/chainguard/cassandra-5.0-compatpkg:apk/chainguard/cassandra-5.0-entrypoint-compatpkg:apk/chainguard/cassandra-5.0-iamguarded-compatpkg:apk/chainguard/cassandra-fips-5.0pkg:apk/chainguard/cassandra-fips-5.0-compatpkg:apk/chainguard/cqlsh-5.0pkg:apk/chainguard/cqlsh-fips-5.0pkg:apk/chainguard/stargatepkg:apk/wolfi/cassandra-5.0pkg:apk/wolfi/cassandra-5.0-compatpkg:apk/wolfi/cassandra-5.0-entrypoint-compatpkg:apk/wolfi/cassandra-5.0-iamguarded-compatpkg:apk/wolfi/cqlsh-5.0pkg:deb/ubuntu/logback@1:1.1.3-2?arch=source&distro=esm-apps/xenialpkg:deb/ubuntu/logback@1:1.2.10-1?arch=source&distro=jammypkg:deb/ubuntu/logback@1:1.2.11-5?arch=source&distro=noblepkg:deb/ubuntu/logback@1:1.2.11-5?arch=source&distro=oracularpkg:deb/ubuntu/logback@1:1.2.11-6?arch=source&distro=pluckypkg:deb/ubuntu/logback@1:1.2.3-2ubuntu1~18.04.1?arch=source&distro=esm-apps/bionicpkg:deb/ubuntu/logback@1:1.2.3-5?arch=source&distro=esm-apps/focalpkg:maven/ch.qos.logback/logback-corepkg:rpm/opensuse/logback&distro=openSUSE%20Tumbleweed
< 0+ 22 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.0.78-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 1.4.13, < 1.4.14
- (no CPE)range: < 1.2.13-1.1
- QOS.CH Sarl/logbackv5Range: 1.4.14
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-gm62-rw4g-vrc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-6481ghsaADVISORY
- github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578ghsaWEB
- github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6fghsaWEB
- logback.qos.ch/news.htmlghsaWEB
- logback.qos.ch/news.htmlghsaWEB
News mentions
0No linked articles in our index yet.