CVE-2023-6378

Summary

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Affected Software

VendorProductVersion RangeStatus
QOS.CH Sarllogback1.4.12unaffected
QOS.CH Sarllogback1.3.12unaffected
QOS.CH Sarllogback1.2.13unaffected

Weaknesses

  • Denial-of-service using poisoned data

Workarounds

Only environments where logback receiver is deployed are vulnerable.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References