Elastic Packetbeat Resource Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

A resource exhaustion vulnerability has been identified in Elastic Packetbeat versions 7.x, 8.0.0 prior to 8.19.8, 9.0.0 prior to 9.1.8, and 9.2.0 prior to 9.2.3. It allows an unauthenticated remote attacker to cause excessive memory and CPU usage through malicious IPv4 fragments. The flaw arises from the allocation of resources without limits or throttling, which leads to a denial-of-service condition in Packetbeat.

Impact

Exploitation of this vulnerability causes high CPU usage and memory exhaustion, leading to a denial-of-service condition where Packetbeat becomes unresponsive or significantly degraded in performance.

Remediation

Users can upgrade to Packetbeat versions 8.19.9, 9.1.9, or 9.2.3 to address this vulnerability.

Added: Dec 18, 2025, 10:17 PM
Updated: Dec 18, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 1.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.