Beats 7.10.1 Security Update

Beats Denial of Service issue (ESA-2020-16)

A denial of service flaw when parsing malformed TLS public keys was discovered in Go, the language used to implement Beats. If Beats is configured to listen for Syslog over TLS, or if Beats is making outbound connections over HTTPS, a remote attacker could cause the Beats process to crash. The attacker must be able to present a specially malformed TLS public key to the Beat.

Affected Versions:

All Beats versions before 7.10.1

Solutions and Mitigations:

Inbound HTTPS connections to Beats are not affected by this issue: the Beats process is able to recover from receiving a malformed key.
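The distinction drawn above (inbound HTTPS survives a malformed key, a Syslog-over-TLS listener does not) comes down to whether a fault raised while serving one connection is contained to that connection or unwinds the whole process. The Go program below is an added example, not Beats code, showing the per-connection containment pattern that net/http's server applies to each accepted connection. It assumes the crash is a Go runtime panic during the handshake; the handler that panics, the in-memory net.Pipe connections, and the names `handleSafely`, `serveTLS` and `countRecovered` are all constructed for the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net"
)

// ConnHandler services one accepted connection. For a TLS listener this is
// where the handshake actually runs (tls.Conn performs it lazily on the first
// Read or Write), so a parser fault triggered by a peer's key surfaces here.
type ConnHandler func(net.Conn) error

// handleSafely runs handler on conn and converts a panic raised while
// servicing that single connection into a logged error, instead of letting it
// unwind the goroutine and terminate the process. It reports whether a panic
// was recovered.
func handleSafely(conn net.Conn, handler ConnHandler) (recovered bool) {
	defer conn.Close()
	defer func() {
		if r := recover(); r != nil {
			recovered = true
			log.Printf("recovered panic while serving %s: %v", conn.RemoteAddr(), r)
		}
	}()
	if err := handler(conn); err != nil {
		log.Printf("connection from %s ended with error: %v", conn.RemoteAddr(), err)
	}
	return false
}

// serveTLS is the accept loop of a hypothetical Syslog-over-TLS input. Each
// peer is serviced in its own goroutine behind handleSafely, so a handshake
// that panics on one peer's malformed key is contained to that connection.
func serveTLS(ln net.Listener, cfg *tls.Config, handler ConnHandler) {
	for {
		raw, err := ln.Accept()
		if err != nil {
			log.Printf("accept loop stopping: %v", err)
			return
		}
		go handleSafely(tls.Server(raw, cfg), handler)
	}
}

// countRecovered runs handler on n in-memory connections (constructed with
// net.Pipe, no network involved) and returns how many of them hit a panic
// that handleSafely contained.
func countRecovered(n int, handler ConnHandler) int {
	recovered := 0
	for i := 0; i < n; i++ {
		client, server := net.Pipe()
		if handleSafely(server, handler) {
			recovered++
		}
		client.Close()
	}
	return recovered
}

func main() {
	// Constructed stand-in for a handshake that panics on a malformed key.
	// A real listener would pass a handler that reads syslog lines after
	// tls.Conn's implicit handshake.
	malformedKeyHandshake := func(net.Conn) error {
		panic("crypto: malformed public key (simulated)")
	}
	fmt.Printf("panics contained: %d of 3\n", countRecovered(3, malformedKeyHandshake))
	fmt.Println("process still running")
}
```

Containment only limits the blast radius: the peer that sent the malformed key still gets its connection dropped, and the underlying parser fault remains until the Go toolchain (and so Beats) is upgraded, which is why the advisory's fix is the 7.10.1 upgrade rather than a code-level workaround.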

Users should upgrade to Beats version 7.10.1.

Elastic is unable to upgrade Beats version 6.8 due to the version of Go used. We consider this flaw to be low enough severity that a possible fix poses a greater risk than the issue itself. Users unable to upgrade to version 7.10.1 can mitigate this vulnerability by using host-based network controls such as a firewall or proxy.

CVSSv3: 4.3 - AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE ID: CVE-2020-28362