PT-2023-6895 · Elastic · Elasticsearch

Published: 2023-10-26 · Updated: 2024-03-06 · CVE-2023-31418

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Elasticsearch (affected versions not specified)

Description: The issue is related to how Elasticsearch handles incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. There is no indication that the issue is known or that it is being exploited in the wild.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Resource Exhaustion

Related Identifiers

BDU:2023-07913
BIT-ELASTICSEARCH-2023-31418
CVE-2023-31418
GHSA-2CQF-6XV9-F22W

Affected Products

Elasticsearch