CVE-2023-6481 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-6481

CVE-2023-6481

December 04, 2023

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Affected Packages

ch.qos.logback:logback-core (JAVA):

Affected version(s) =1.2.12 <1.2.13

Fix Suggestion:

Update to version 1.2.13

ch.qos.logback:logback-core (JAVA):

Affected version(s) =1.3.13 <1.3.14

Fix Suggestion:

Update to version 1.3.14

ch.qos.logback:logback-core (JAVA):

Affected version(s) =1.4.13 <1.4.14

Fix Suggestion:

Update to version 1.4.14

Related Resources (6)

https://github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578

https://logback.qos.ch/news.html#1.3.14

https://github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6f

https://nvd.nist.gov/vuln/detail/CVE-2023-6481

https://logback.qos.ch/news.html#1.3.12

https://github.com/qos-ch/logback

Do you need more information?

CVSS v4

Base Score:

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

HIGH

CVSS v3

Base Score:

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

EPSS

Base Score:

0.22

Products

Solutions

Resources

Company

Compare

Developer Tools