1987299 – (CVE-2021-22144) CVE-2021-22144 elasticsearch: uncontrolled recursion in Grok parser

Bug 1987299 (CVE-2021-22144) - CVE-2021-22144 elasticsearch: uncontrolled recursion in Grok parser

Summary: CVE-2021-22144 elasticsearch: uncontrolled recursion in Grok parser

Keywords:
Status:	NEW
Alias:	CVE-2021-22144
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1987301 1987300 1987303
Blocks:	1987302
TreeView+	depends on / blocked

Reported:	2021-07-29 13:09 UTC by Guilherme de Almeida Suckevicz
Modified:	2024-03-15 08:01 UTC (History)
CC List:	46 users (show)
Fixed In Version:	elasticsearch 7.13.3, elasticsearch 6.8.17
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Elasticsearch. An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. This flaw allows a user who can submit arbitrary queries to Elasticsearch to create a malicious Grok query that crashes the Elasticsearch node. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-07-29 13:09:04 UTC

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

Reference:
https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100

Comment 1 Guilherme de Almeida Suckevicz 2021-07-29 13:10:49 UTC

Created python-elasticsearch tracking bugs for this issue:

Affects: epel-all [bug 1987301]
Affects: fedora-all [bug 1987303]
Affects: openstack-rdo [bug 1987300]

Comment 2 Jonathan Christison 2021-07-30 14:00:24 UTC

This vulnerability is out of security support scope for the following products:

 * Red Hat JBoss Data Grid 6
 * Red Hat JBoss Fuse 6
 * Red Hat JBoss Fuse Service Works 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 5 Hardik Vyas 2021-08-05 10:27:25 UTC

Upstream fix: https://github.com/elastic/elasticsearch/commit/eec9eefc636460fdc3132ff103581b81a5edd5d3

Comment 6 juneau 2021-08-09 15:51:30 UTC

Marking Hosted OpenShift Clusters "notaffected" per ./#/task/1987302#comment8

Note You need to log in before you can comment on or make changes to this bug.

aileenc
akoufoud
alazarot
anstephe
aos-bugs
apevec
bmontgom
chazlett
dbecker
dbruno
eparis
ewolinet
fjansen
gmalinko
gvarsami
ibek
janstey
jburrell
jcantril
jcoleman
jjoyce
jochrist
jrokos
jschluet
jwendell
jwon
kverlaen
ldimaggi
lhh
lpeer
mburns
mnovotny
nstielau
nwallace
pantinor
piotr1212
pjindal
rcernich
rfreiman
rwagner
sclewis
slinaber
sponnaga
steve.traylen
tcunning
twalsh