Bug 2246938 (CVE-2023-31418)
Summary: | CVE-2023-31418 elasticsearch: uncontrolled resource consumption | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aileenc, bdettelb, chazlett, gmalinko, janstey, jcantril, periklis |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | elasticsearch 7.17.13, elasticsearch 8.9.0 | Doc Type: | --- |
Doc Text: |
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. This flaw allows an unauthenticated user to force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests.
Bug Blocks: | 2246939 |
Description
Avinash Hanwate
2023-10-30 08:25:48 UTC