CVE-2023-31418
Elasticsearch uncontrolled resource consumption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
Se identificó un problema con la forma en que Elasticsearch manejó las solicitudes entrantes en la capa HTTP. Un usuario no autenticado podría forzar la salida de un nodo de Elasticsearch con un error OutOfMemory enviando una cantidad moderada de solicitudes HTTP con formato incorrecto. El problema fue identificado por Elastic Engineering y no tenemos indicios de que se conozca o de que esté siendo explotado en la naturaleza.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-04-27 CVE Reserved
- 2023-10-26 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20231130-0005 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616 | 2023-11-30 | |
| https://www.elastic.co/community/security | 2023-11-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Elastic Search vendor "Elastic" | Elasticsearch Search vendor "Elastic" for product "Elasticsearch" | <= 7.17.12 Search vendor "Elastic" for product "Elasticsearch" and version " <= 7.17.12" | - |
Affected
| ||||||
| Elastic Search vendor "Elastic" | Elasticsearch Search vendor "Elastic" for product "Elasticsearch" | >= 8.0.0 <= 8.8.2 Search vendor "Elastic" for product "Elasticsearch" and version " >= 8.0.0 <= 8.8.2" | - |
Affected
| ||||||
| Elastic Search vendor "Elastic" | Elastic Cloud Enterprise Search vendor "Elastic" for product "Elastic Cloud Enterprise" | <= 2.13.3 Search vendor "Elastic" for product "Elastic Cloud Enterprise" and version " <= 2.13.3" | - |
Affected
| ||||||
| Elastic Search vendor "Elastic" | Elastic Cloud Enterprise Search vendor "Elastic" for product "Elastic Cloud Enterprise" | 3.6.0 Search vendor "Elastic" for product "Elastic Cloud Enterprise" and version "3.6.0" | - |
Affected
| ||||||