Elastic Filebeat Buffer Overflow Vulnerability in Syslog Parser and Dissect Processor Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in Elastic Filebeat versions 7.x, 8.0.0 through 8.19.8, 9.0.0 through 9.1.8, and 9.2.0 through 9.2.2. This vulnerability arises from improper validation of input indices, positions, or offsets in the Syslog parser and the Libbeat Dissect processor. It can be exploited by sending a malformed Syslog message or by using a malicious tokenizer pattern in the Dissect configuration, leading to a denial-of-service condition by causing the Filebeat process to panic and crash.

Impact

Exploitation of this vulnerability triggers a buffer overflow, causing the Filebeat process to crash and creating a denial-of-service condition.

Remediation

Users can upgrade to Filebeat versions 8.19.9, 9.1.9, or 9.2.3 to address this vulnerability.
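The affected ranges and fixed releases listed above, expressed as a triage check over version strings (an added example, not code from Elastic or from this advisory). The sample inventory is constructed, and suggesting the lowest fixed release above the installed one is an assumption of this example.

```python
import re

# Affected ranges as listed in the advisory (inclusive bounds).
AFFECTED = [
    ((7, 0, 0), (7, 9999, 9999)),  # "7.x": every 7 release
    ((8, 0, 0), (8, 19, 8)),
    ((9, 0, 0), (9, 1, 8)),
    ((9, 2, 0), (9, 2, 2)),
]
FIXED = [(8, 19, 9), (9, 1, 9), (9, 2, 3)]  # fixed releases named in the advisory
# First standalone x.y.z in the text; tolerates suffixes such as "-SNAPSHOT".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Return 'affected', 'fixed', or 'unlisted' (the advisory does not mention it)."""
    v = parse_version(text)
    if any(low <= v <= high for low, high in AFFECTED):
        return "affected"
    return "fixed" if v in FIXED else "unlisted"

def upgrade_target(text):
    """Assumption of this example: suggest the lowest fixed release above the version."""
    v = parse_version(text)
    if classify(text) != "affected":
        return None
    return ".".join(map(str, min(f for f in FIXED if f > v)))

def triage(inventory):
    """Map host -> (status, suggested release) for 'host: version text' lines."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, version_text = line.partition(":")
        report[host.strip()] = (classify(version_text), upgrade_target(version_text))
    return report

# Constructed inventory; hostnames and version strings are made up for illustration.
SAMPLE = """
web-01: filebeat version 8.19.8 (amd64), libbeat 8.19.8
db-02: 9.2.3
edge-03: 7.17.0
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Releases the advisory does not name, such as anything newer than a listed fixed release, come back as "unlisted" rather than being assumed safe.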

Added: Dec 18, 2025, 10:19 PM
Updated: Dec 18, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.