=====================================================================
                            CERT-Renater

                  Information Note No. 2025/VULN908
_____________________________________________________________________

DATE                : 29/12/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Packetbeat versions prior to
                     8.19.9, 9.1.9, 9.2.3.

=====================================================================
https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-31/384179
https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-30/384178
https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177
_____________________________________________________________________

Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-31)

ismisepaul (Paul), December 18, 2025, 9:16pm

Packetbeat Out-of-bounds Read (ESA-2025-31)

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker
to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector,
leading to a denial-of-service (DoS) through a reliable process crash
when handling truncated XDR-encoded RPC messages.

Affected Versions:

7.x: All versions
8.x: All versions from 8.0.0 up to and including 8.19.8
9.x: All versions from 9.0.0 up to and including 9.1.8
     All versions from 9.2.0 up to and including 9.2.2

Solutions and Mitigations:

The issue is resolved in version 8.19.9, 9.1.9, and 9.2.3.

Severity: CVSSv3.1: 6.5 (Medium) -
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID: CVE-2025-68382

_____________________________________________________________________

Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-30)

ismisepaul (Paul), December 18, 2025, 9:15pm

Packetbeat Improper Bounds Check (ESA-2025-30)

Improper Bounds Check (CWE-787) in Packetbeat can allow a remote
unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and
reliably crash the application or cause significant resource exhaustion
via a single crafted UDP packet with an invalid fragment sequence number.

Affected Versions:

7.x: All versions
8.x: All versions from 8.0.0 up to and including 8.19.8
9.x: All versions from 9.0.0 up to and including 9.1.8
     All versions from 9.2.0 up to and including 9.2.2

Affected Configurations:

Users using memcached collection

Solutions and Mitigations:

The issue is resolved in version 8.19.9, 9.1.9, and 9.2.3.

For Users that Cannot Upgrade:

Users can disable memcached collection in the Network Packet Capture
integration if they are using Elastic Agent and would like other network
collections to continue.

Severity: CVSSv3.1: 6.5 (Medium) -
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID: CVE-2025-68381

_____________________________________________________________________

Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-29)

ismisepaul (Paul), December 18, 2025, 9:13pm

Packetbeat Allocation of Resources Without Limits or Throttling
(ESA-2025-29)

Allocation of resources without limits or throttling (CWE-770) allows an
unauthenticated remote attacker to cause excessive allocation (CAPEC-130)
of memory and CPU via the integration of malicious IPv4 fragments,
leading to a degradation in Packetbeat.

Affected Versions:

8.x: All versions from 8.6.0 up to and including 8.19.8
9.x: All versions from 9.0.0 up to and including 9.1.8
     All versions from 9.2.0 up to and including 9.2.2

Solutions and Mitigations:

The issue is resolved in version 8.19.9, 9.1.9, and 9.2.3

Severity: CVSSv3.1: 5.3 (Medium) -
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE ID: CVE-2025-68388

Changelog:

2025-12-19: As this does not cause a denial-of-service but rather a
degradation, it has been downgraded to a medium severity issue

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================
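
The truncated-XDR failure mode named in ESA-2025-31 above, shown as a bounds-checked decoder for XDR variable-length opaque data (RFC 4506). This is an added Go example illustrating the bug class (CWE-125); it is not Packetbeat's dissector code or Elastic's fix, and `xdrReader`, `ErrTruncated` and the sample bytes are hypothetical, constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrTruncated = errors.New("xdr: truncated message") // buffer ends before the item does

// xdrReader walks an XDR buffer with explicit bounds checks (hypothetical helper, not a Packetbeat type).
type xdrReader struct {
	buf []byte
	off int
}

// Uint32 reads one big-endian 4-byte unsigned integer, refusing short buffers.
func (r *xdrReader) Uint32() (uint32, error) {
	if len(r.buf)-r.off < 4 {
		return 0, ErrTruncated
	}
	v := binary.BigEndian.Uint32(r.buf[r.off:])
	r.off += 4
	return v, nil
}

// Opaque reads an opaque<>: 4-byte length, data, then zero padding up to a multiple of 4.
func (r *xdrReader) Opaque() ([]byte, error) {
	n, err := r.Uint32()
	if err != nil {
		return nil, err
	}
	// Validate the attacker-controlled length in uint64 so rounding up cannot wrap.
	padded := (uint64(n) + 3) &^ 3
	if padded > uint64(len(r.buf)-r.off) {
		return nil, ErrTruncated
	}
	data := r.buf[r.off : r.off+int(n)]
	r.off += int(padded)
	return data, nil
}

func main() {
	// Constructed samples: a padded 3-byte opaque, then one claiming 8 bytes but carrying 3.
	for _, msg := range [][]byte{{0, 0, 0, 3, 'a', 'b', 'c', 0}, {0, 0, 0, 8, 'a', 'b', 'c'}} {
		data, err := (&xdrReader{buf: msg}).Opaque()
		fmt.Printf("data=%q err=%v\n", data, err)
	}
}
```

The decoder returns an error for the truncated message instead of slicing past the end of the buffer, which is the difference between a dropped packet and a process crash.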