Description
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
A flaw was found in Elasticsearch. An allocation of resources without limits or throttling can lead to an OutOfMemoryError exception, resulting in a crash via a specially crafted query using an SQL function.
Report
Red Hat rated this issue as moderate because successful exploitation results in an application-level denial-of-service condition only, without any impact on confidentiality or integrity. The vulnerability requires an authenticated user to submit a specially crafted SQL query, and while it can crash the Elasticsearch service through uncontrolled resource allocation, it does not permit data access, data modification, or remote code execution. Thus, the impact is limited to service availability, leading to a moderate severity classification.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Not affected | | |
Additional information
Status:
6.5 Medium
CVSS3
Related vulnerabilities
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
An allocation of resources without limits or throttling in Elasticsear ...
Elasticsearch allocation of resources without limits or throttling leads to crash
Elasticsearch search engine vulnerability related to unrestricted resource allocation, allowing an attacker to cause a denial of service