Vulnerability

CVE-2023-31418

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400

References

https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616
https://github.com/elastic/elasticsearch/pull/97683
https://github.com/elastic/elasticsearch/pull/97885
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31418

[CVE-2023-31418] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Description

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up
See org.elasticsearch/elasticsearch package information