Primary

Context

Elastic Packetbeat Improper Array Index Validation Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Elastic Packetbeat versions 8.19.11 and 9.2.5. The issue arises from improper validation of array indices in multiple protocol parser components, allowing an attacker to manipulate input data and cause out-of-bounds read operations. This exploitation can lead to application crashes or resource exhaustion. To trigger this vulnerability, an attacker must send specially crafted, malformed network packets to a monitored interface, requiring them to be on the same network segment as the Packetbeat deployment or to control traffic routed to the monitored interfaces.

Impact

Exploitation of this vulnerability can cause application crashes or resource exhaustion, leading to a denial-of-service condition.

Added: Mar 19, 2026, 6:25 PM

Updated: Mar 19, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elastic Packetbeat Improper Array Index Validation Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Affected Products

Elastic Packetbeat

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating