{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-6481","assignerOrgId":"455daabc-a392-441d-aa46-37d35189897c","state":"PUBLISHED","assignerShortName":"NCSC.ch","dateReserved":"2023-12-04T08:34:29.742Z","datePublished":"2023-12-04T08:35:44.396Z","dateUpdated":"2024-08-02T08:28:21.829Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["logback receiver"],"platforms":["Windows","Linux","MacOS"],"product":"logback","repo":"https://github.com/qos-ch/logback","vendor":"QOS.CH Sarl","versions":[{"status":"unaffected","version":"1.4.14"},{"status":"unaffected","version":"1.3.14"},{"status":"unaffected","version":"1.2.13"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<pre>The attacker needs to be able to feed poisoned data to a logback receiver. Thus, the attacker needs to connect to a logback receiver, which can be a significant hurdle in itself.<br>Only environments where a logback receiver is deployed are vulnerable.</pre>"}],"value":"The attacker needs to be able to feed poisoned data to a logback receiver. Thus, the attacker needs to connect to a logback receiver, which can be a significant hurdle in itself.\nOnly environments where a logback receiver is deployed are vulnerable."}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Yakov Shafranovich, Amazon Web Services"},{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Camilo Aparecido Ferri Moreira"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A serialization vulnerability in the logback receiver component of logback versions 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a denial-of-service attack by sending poisoned data."}],"value":"A serialization vulnerability in the logback receiver component of logback versions 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a denial-of-service attack by sending poisoned data."}],"impacts":[{"descriptions":[{"lang":"en","value":"Excessive CPU or memory usage on the host where a logback receiver component is deployed"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"Denial-of-service using poisoned data","lang":"en"}]}],"providerMetadata":{"orgId":"455daabc-a392-441d-aa46-37d35189897c","shortName":"NCSC.ch","dateUpdated":"2023-12-04T08:35:44.396Z"},"references":[{"url":"https://logback.qos.ch/news.html#1.3.12"},{"url":"https://logback.qos.ch/news.html#1.3.14"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Only environments where the logback receiver component is deployed may be vulnerable. If a logback receiver is deployed, either restricting connections to trustworthy clients or upgrading to logback version 1.4.14, 1.3.14, 1.2.13 or later will remedy the vulnerability.<br><br>If you do not need to deploy a logback receiver, verify that you do not have any &lt;receiver&gt;&lt;/receiver&gt; entries in your configuration files.<br>"}],"value":"Only environments where the logback receiver component is deployed may be vulnerable. If a logback receiver is deployed, either restricting connections to trustworthy clients or upgrading to logback version 1.4.14, 1.3.14, 1.2.13 or later will remedy the vulnerability.\n\nIf you do not need to deploy a logback receiver, verify that you do not have any <receiver></receiver> entries in your configuration files.\n"}],"source":{"discovery":"UNKNOWN"},"title":"Logback \"receiver\" DOS vulnerability CVE-2023-6378 incomplete fix","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Logback versions 1.2.13 and later, 1.3.14 and later, or 1.4.14 and later provide fixes. However, please note that these fixes are only effective when deployed under Java 9 or later.<br>"}],"value":"Logback versions 1.2.13 and later, 1.3.14 and later, or 1.4.14 and later provide fixes. However, please note that these fixes are only effective when deployed under Java 9 or later.\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:28:21.829Z"},"title":"CVE Program Container","references":[{"url":"https://logback.qos.ch/news.html#1.3.12","tags":["x_transferred"]},{"url":"https://logback.qos.ch/news.html#1.3.14","tags":["x_transferred"]}]}]}}
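The record's solution and workaround sections give three concrete checks a practitioner can run: whether any <receiver> entries exist in the logback configuration, whether the deployed logback version is at or past the fixed release of its branch (1.2.13, 1.3.14, 1.4.14), and whether the runtime is Java 9 or later, since the record states the fix is only effective there. The following script is an added example written for this page; it is not code from NCSC.ch, the reporters, or the logback project. The sample configuration is constructed for the example; the receiver class name in it is logback's standard ServerSocketReceiver. Treating branches newer than 1.4 as "later" and branches older than 1.2 as unfixed is the script's own assumption, not something the record states.

```python
"""Checks for CVE-2023-6481 (logback receiver DoS, incomplete fix of CVE-2023-6378).

Three questions the advisory raises, answered from config text and version strings:
  1. Does the logback configuration declare any <receiver> element?
  2. Is the logback version at or past the fixed release for its branch?
  3. Is the JVM Java 9 or later (the advisory says the fix only works there)?
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Fixed patch level per branch, exactly as stated in the advisory.
FIXED_PATCH = {(1, 2): 13, (1, 3): 14, (1, 4): 14}
MIN_JAVA_MAJOR = 9  # fixes are only effective under Java 9 or later

# Constructed sample logback.xml with one server-side receiver listening on 4560.
SAMPLE_CONFIG = """<configuration>
  <receiver class="ch.qos.logback.classic.net.server.ServerSocketReceiver">
    <port>4560</port>
  </receiver>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder><pattern>%d %-5level %logger - %msg%n</pattern></encoder>
  </appender>
  <root level="INFO"><appender-ref ref="STDOUT"/></root>
</configuration>"""


def parse_version(version: str) -> Tuple[int, int, int]:
    """'1.4.13' -> (1, 4, 13); missing components are padded with 0."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_fixed_logback(version: str) -> bool:
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch >= FIXED_PATCH[branch]
    # Assumption (not from the advisory): branches newer than 1.4 count as
    # "or later"; branches older than 1.2 are treated as unfixed.
    return branch > (1, 4)


def java_major_version(java_version: str) -> int:
    """'1.8.0_392' -> 8, '17.0.9' -> 17 (Java 9+ dropped the leading '1.')."""
    parts = re.findall(r"\d+", java_version)
    if parts[0] == "1" and len(parts) > 1:
        return int(parts[1])
    return int(parts[0])


def fix_is_effective(logback_version: str, java_version: str) -> bool:
    """Fixed logback AND Java 9+, per the advisory's workaround note."""
    return (is_fixed_logback(logback_version)
            and java_major_version(java_version) >= MIN_JAVA_MAJOR)


def find_receivers(config_xml: str) -> List[Dict[str, str]]:
    """Return one dict per <receiver> element: its class plus port/remoteHost.

    Tag names are compared case-insensitively so an unusually cased element
    is reported rather than missed (conservative choice for a security check).
    """
    root = ET.fromstring(config_xml)
    found: List[Dict[str, str]] = []
    for el in root.iter():
        if el.tag.lower() != "receiver":
            continue
        entry = {"class": el.get("class", "")}
        for child in el:
            if child.tag.lower() in ("port", "remotehost"):
                entry[child.tag.lower()] = (child.text or "").strip()
        found.append(entry)
    return found


def assess(config_xml: str, logback_version: str, java_version: str) -> Dict[str, object]:
    """Exposed only if a receiver is configured and the fix is not effective."""
    receivers = find_receivers(config_xml)
    exposed = bool(receivers) and not fix_is_effective(logback_version, java_version)
    return {"receivers": receivers, "exposed": exposed}


if __name__ == "__main__":
    for lb, jv in (("1.4.13", "17.0.9"), ("1.4.14", "1.8.0_392"), ("1.4.14", "17.0.9")):
        print(lb, jv, assess(SAMPLE_CONFIG, lb, jv))
```

To run this against a real deployment, feed it the contents of every logback configuration file the application loads (logback.xml, logback-test.xml, and anything pulled in via <include>), the version of the logback-classic jar on the classpath, and the output of `java -version`. A configuration with no receiver is not exposed regardless of version; a configuration with a receiver on a fixed logback release is still reported as exposed when the JVM is older than Java 9, which is the case the advisory's workaround note calls out.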