CVE-2023-31419 Elasticsearch StackOverflow vulnerability

2023-10-2617:06:14

CWE-121

elastic

www.cve.org

elasticsearch

api

stackoverflow

dos

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.2%

JSON

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Elasticsearch",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThan": "7.17.12",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.9.0",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      }
    ]
  }
]