Bug 1987299 (CVE-2021-22144) - CVE-2021-22144 elasticsearch: uncontrolled recursion in Grok parser
Summary: CVE-2021-22144 elasticsearch: uncontrolled recursion in Grok parser
Keywords:
Status: NEW
Alias: CVE-2021-22144
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1987300 1987301 1987303
Blocks: 1987302
Reported: 2021-07-29 13:09 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-08-12 04:38 UTC

Fixed In Version: elasticsearch 7.13.3, elasticsearch 6.8.17
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Elasticsearch. An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. This flaw allows a user who can submit arbitrary queries to Elasticsearch to create a malicious Grok query that crashes the Elasticsearch node. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:


Description Guilherme de Almeida Suckevicz 2021-07-29 13:09:04 UTC
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

Reference:
https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100

Comment 1 Guilherme de Almeida Suckevicz 2021-07-29 13:10:49 UTC
Created python-elasticsearch tracking bugs for this issue:

Affects: epel-all [bug 1987301]
Affects: fedora-all [bug 1987303]
Affects: openstack-rdo [bug 1987300]

Comment 2 Jonathan Christison 2021-07-30 14:00:24 UTC
This vulnerability is out of security support scope for the following products:

 * Red Hat JBoss Data Grid 6
 * Red Hat JBoss Fuse 6
 * Red Hat JBoss Fuse Service Works 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 6 juneau 2021-08-09 15:51:30 UTC
Marking Hosted OpenShift Clusters "notaffected" per ./#/task/1987302#comment8
