Bug 2246938 (CVE-2023-31418) - CVE-2023-31418 elasticsearch: uncontrolled resource consumption
Summary: CVE-2023-31418 elasticsearch: uncontrolled resource consumption
Keywords:
Status: NEW
Alias: CVE-2023-31418
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2246939
Reported: 2023-10-30 08:25 UTC by Avinash Hanwate
Modified: 2023-11-21 20:34 UTC

Fixed In Version: elasticsearch 7.17.13, elasticsearch 8.9.0
Doc Type: ---
Doc Text:
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. This flaw allows an unauthenticated user to force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Avinash Hanwate 2023-10-30 08:25:48 UTC
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616
https://www.elastic.co/community/security

