CVE-2017-11480

Description

A local attacker can cause a panic if they are able to send arbitrary traffic to a monitored port, due to an out of bounds read.

How to fix CVE-2017-11480

To remediate CVE-2017-11480, upgrade the affected package to a fixed version below.

• Go/github.com/elastic/beats—upgrade to 5.6.4 or later
• Go/github.com/elastic/beats—upgrade to 6.1.0+incompatible or later

Is CVE-2017-11480 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 5.6.4
• from 0, < 6.1.0+incompatible

CVSS scores

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-11480
• PATCHgithub.com/elastic/beats
• WEBdiscuss.elastic.co/t/beats-5-6-4-security-update/106739
• WEBgithub.com/elastic/beats/commit/aeca65779d573976981587ca1d1461399e1b59dd
• WEB