PT-2021-14869 · Elastic · Elasticsearch
Published: 2021-07-26 · Updated: 2024-03-06 · CVE-2021-22144
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.13.3; Elasticsearch versions prior to 6.8.17
Description: An uncontrolled recursion issue in the Elasticsearch Grok parser could lead to a denial-of-service condition. A user who can submit arbitrary queries to Elasticsearch could craft a malicious Grok query that crashes the Elasticsearch node.
Recommendations: For versions prior to 7.13.3, update to version 7.13.3 or later. For versions prior to 6.8.17, update to version 6.8.17 or later. As a temporary workaround, consider restricting access to the Grok parser to minimize the risk of exploitation.
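The recommendation above gives two fixed versions on two release lines, so the practical first step is to find which nodes in a cluster still run an affected build. The following is an added example, not part of the advisory or of Elastic's own tooling: it parses version strings in the form returned by the nodes API (the GET /_nodes response is a constructed sample here) and flags every node that falls into either affected range.

```python
# Added example (not from the PT-2021-14869 advisory): triage Elasticsearch
# nodes against the affected ranges stated in the advisory:
#   - every release before 6.8.17 (6.x and older lines), and
#   - every 7.x release before 7.13.3.
# Releases at or after 6.8.17 on the 6.x line, and at or after 7.13.3, are
# treated as fixed; later major lines are outside the advisory's scope.
import json
import re

FIX_6X = (6, 8, 17)
FIX_7X = (7, 13, 3)


def parse_version(text):
    """Return (major, minor, patch) from strings such as '7.13.2' or
    '7.13.3-SNAPSHOT'; the numeric prefix is all that matters here."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text):
    v = parse_version(version_text)
    if v >= FIX_7X:
        return False                      # 7.13.3+ and later lines are fixed
    if FIX_6X <= v < (7, 0, 0):
        return False                      # 6.8.17+ on the 6.x line is fixed
    return True                           # anything else is in an affected range


def triage_nodes(nodes_response_json):
    """Take the body of GET /_nodes?filter_path=nodes.*.name,nodes.*.version
    and return a sorted list of (node name, version) still needing an upgrade."""
    body = json.loads(nodes_response_json)
    affected = []
    for node in body.get("nodes", {}).values():
        if is_affected(node["version"]):
            affected.append((node["name"], node["version"]))
    return sorted(affected)


# Constructed sample response (node ids and names are made up for the example).
SAMPLE_NODES = json.dumps({
    "nodes": {
        "n1": {"name": "es-data-1", "version": "7.13.3"},
        "n2": {"name": "es-data-2", "version": "7.10.2"},
        "n3": {"name": "es-legacy", "version": "6.8.16"},
        "n4": {"name": "es-legacy-patched", "version": "6.8.17"},
    }
})

if __name__ == "__main__":
    for name, version in triage_nodes(SAMPLE_NODES):
        print(f"{name}: {version} is affected by CVE-2021-22144, upgrade required")
```

Feed the real nodes API output into triage_nodes to get the upgrade list; the version parser deliberately ignores suffixes such as "-SNAPSHOT" so pre-release builds are compared on their numeric part only.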

Fix · DoS

Weakness Enumeration: Uncontrolled Recursion

Related Identifiers

BIT-ELASTICSEARCH-2021-22144
CVE-2021-22144
GHSA-3393-HVRJ-W7V3

Affected Products

Elasticsearch