Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-31418

Опубликовано: 26 окт. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. This flaw allows an unauthenticated user to force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch6-rhel8Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/fluentd-rhel8Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/kibana6-rhel8Not affected
Red Hat JBoss Fuse Service Works 6elasticsearchOut of support scope
Red Hat Quay 3quay/quay-rhel8Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2246938elasticsearch: uncontrolled resource consumption

EPSS

Процентиль: 69%
0.00625
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-31418

CVSS3: 7.5
ubuntu
почти 2 года назад

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

nvd логотип

CVE-2023-31418

CVSS3: 7.5
nvd
почти 2 года назад

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

debian логотип

CVE-2023-31418

CVSS3: 7.5
debian
почти 2 года назад

An issue has been identified with how Elasticsearch handled incoming r ...

github логотип

GHSA-2cqf-6xv9-f22w

CVSS3: 7.5
github
почти 2 года назад

Elasticsearch vulnerable to Uncontrolled Resource Consumption

fstec логотип

BDU:2023-07913

CVSS3: 7.5
fstec
почти 2 года назад

Уязвимость поисковой системы Elasticsearch, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 69%
0.00625
Низкий

7.5 High

CVSS3

Уязвимость CVE-2023-31418