Elasticsearch Packetbeat Out-of-bounds Read Vulnerability

MEDIUM (6.5) Patch Available

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 13%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Packetbeat is a monitoring tool used to collect and forward logs from Elasticsearch. This vulnerability allows an unauthenticated remote attacker to perform a buffer overflow via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.

Am I affected?

You're affected if you use Packetbeat version 7.x or 8.x. To verify the installed version, run rpm -q packetbeat on RPM-based systems or dpkg -s packetbeat on Debian-based systems.

How to fix

Upgrade to Packetbeat 8.19.9, 9.1.9, or 9.2.3 from the official Elasticsearch website: https://www.elastic.co/downloads/packetbeat

If an immediate upgrade isn't possible:
- Restrict network access to your Packetbeat instance (firewall it from the public internet)
- Audit RPC message processing for suspicious patterns
- Monitor for signs of an out-of-bounds read
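As an added check, not part of this advisory, the shell helper below classifies a Packetbeat version against the fixed releases listed above and reads the installed version through rpm or dpkg-query. It assumes that only a build on the 8.19, 9.1 or 9.2 branch at or above the patched release counts as fixed; every other 7.x, 8.x or 9.x build is reported as vulnerable.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a Packetbeat version against
# the fixed releases 8.19.9, 9.1.9 and 9.2.3. Assumption: only a build on one
# of those three branches at or above the patched release is "fixed".

# vercmp A B: compare two dotted numeric versions; prints -1, 0 or 1.
vercmp() {
  a="$1." b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; a=${a#*.}
    y=${b%%.*}; b=${b#*.}
    if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return 0; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return 0; fi
  done
  echo 0
}

# packetbeat_status VERSION: prints "fixed" (exit 0) or "vulnerable" (exit 1).
packetbeat_status() {
  v=$1
  for fixed in 8.19.9 9.1.9 9.2.3; do
    # same major.minor branch and at least the patched release
    if [ "${v%.*}" = "${fixed%.*}" ] && [ "$(vercmp "$v" "$fixed")" -ge 0 ]; then
      echo fixed; return 0
    fi
  done
  echo vulnerable; return 1
}

# installed_packetbeat_version: read the package version via rpm or dpkg-query.
installed_packetbeat_version() {
  if command -v rpm >/dev/null 2>&1 && rpm -q packetbeat >/dev/null 2>&1; then
    rpm -q --qf '%{VERSION}\n' packetbeat
  elif command -v dpkg-query >/dev/null 2>&1; then
    dpkg-query -W -f '${Version}\n' packetbeat 2>/dev/null | cut -d- -f1
  fi
}

# report_installed: one-line verdict for the host this runs on.
report_installed() {
  v=$(installed_packetbeat_version)
  if [ -n "$v" ]; then
    echo "packetbeat $v: $(packetbeat_status "$v")"
  else
    echo "packetbeat: not installed via rpm/dpkg"
  fi
}

report_installed
```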

References