CVE-2023-31418

Опубликовано: 26 окт. 2023

Источник: redhat

CVSS3: 7.5

Описание

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. This flaw allows an unauthenticated user to force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/elasticsearch6-rhel8	Not affected
Logging Subsystem for Red Hat OpenShift	openshift-logging/fluentd-rhel8	Not affected
Logging Subsystem for Red Hat OpenShift	openshift-logging/kibana6-rhel8	Not affected
Red Hat JBoss Fuse Service Works 6	elasticsearch	Out of support scope
Red Hat Quay 3	quay/quay-rhel8	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2246938elasticsearch: uncontrolled resource consumption

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-31418

CVSS3: 7.5

ubuntu

больше 2 лет назад

CVE-2023-31418

CVSS3: 7.5

nvd

больше 2 лет назад

CVE-2023-31418

CVSS3: 7.5

debian

больше 2 лет назад

An issue has been identified with how Elasticsearch handled incoming r ...

GHSA-2cqf-6xv9-f22w

CVSS3: 7.5

github

больше 2 лет назад

Elasticsearch vulnerable to Uncontrolled Resource Consumption

BDU:2023-07913

CVSS3: 7.5

fstec

больше 2 лет назад

Уязвимость поисковой системы Elasticsearch, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

7.5 High

CVSS3