CVE-2023-6378

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-6378

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6378.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-6378

Aliases

GHSA-vmq6-5m68-f53m

Downstream

CLEANSTART-2026-CI66802

DEBIAN-CVE-2023-6378

MINI-364p-p32q-2x4h

MINI-f6x7-xhv9-x89q

MINI-xwff-p4rp-mcgx

OESA-2023-1946

ROOT-APP-MAVEN-CVE-2023-6378

UBUNTU-CVE-2023-6378

USN-7616-1

openSUSE-SU-2025:15597-1

Related

Published

2023-11-29T12:02:37.496Z

Modified

2026-05-15T04:06:45.237157242Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

Logback "receiver" DOS vulnerability

Details

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6378.json",
    "cna_assigner": "NCSC.ch"
}

References

Affected packages