Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-31418

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

Published

2023-10-26T18:15:08.587

Last Modified

2024-11-21T08:01:49.387

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	elasticsearch	≤ 7.17.12	Yes
Application	elastic	elasticsearch	≤ 8.8.2	Yes
Application	elastic	elastic_cloud_enterprise	≤ 2.13.3	Yes
Application	elastic	elastic_cloud_enterprise	3.6.0	Yes

References

https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616 Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20231130-0005/ ([email protected])
https://www.elastic.co/community/security Vendor Advisory ([email protected])
https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231130-0005/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)