CVE-2023-6378

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Database specific

{
    "cna_assigner": "NCSC.ch",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6378.json"
}

References

Affected packages

Git / github.com/qos-ch/logback

Affected ranges

Type

GIT

Repo

https://github.com/qos-ch/logback

Events

Introduced

dc4ed6962985897ea4a3a0318111cdef6993d620

Fixed

2648b9e7fbb47426c89b9c93b411c07484e8f277

Introduced

50449f830bd46bd547016b49475d2760686b15be

Fixed

0df4ec15d45301b5d0a6e2de6466a17944c3a871

Introduced

e83403e15547abb077d5957e4fb8a302293541dc

Fixed

88abf59a18720854f4f55feb8d8f6951cfaf6037

Database specific

{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.13"
        },
        {
            "introduced": "1.3.0"
        },
        {
            "fixed": "1.3.12"
        },
        {
            "introduced": "1.4.0"
        },
        {
            "fixed": "1.4.12"
        }
    ],
    "cpe": "cpe:2.3:a:qos:logback:*:*:*:*:*:*:*:*"
}

Affected versions

Other

possible_mvn_issue

v1.*

v1.3.2

v1.4.2

v_1.*

v_1.2.0

v_1.2.1

v_1.2.10

v_1.2.11

v_1.2.12

v_1.2.2

v_1.2.3

v_1.2.4

v_1.2.5

v_1.2.6

v_1.2.7

v_1.2.8

v_1.2.9

v_1.3.0

v_1.3.1

v_1.3.10

v_1.3.11

v_1.3.3

v_1.3.4

v_1.3.5

v_1.3.6

v_1.3.7

v_1.3.8

v_1.3.9

v_1.4.0

v_1.4.1

v_1.4.10

v_1.4.11

v_1.4.3

v_1.4.4

v_1.4.5

v_1.4.6

v_1.4.7

v_1.4.8

v_1.4.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6378.json"