Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-31419Stack-based Buffer Overflow in Elasticsearch

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write9 documents6 sources
Severity
7.5HIGHNVD
CNA6.5
EPSS
30.3%
top 3.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Elastic Elasticsearch
Timeline
PublishedOct 26
Latest updateFeb 9

Description

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5elastic/elasticsearch7.0.07.17.12+1
NVDelastic/elasticsearch7.0.07.17.12+1

🔴Vulnerability Details

6
OSV
OpenSearch StackOverflow vulnerability2023-12-01
GHSA
OpenSearch StackOverflow vulnerability2023-12-01
CVEList
Elasticsearch StackOverflow vulnerability2023-10-26
OSV
CVE-2023-31419: A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimate2023-10-26
GHSA
Elasticsearch vulnerable to stack overflow in the search API2023-10-26

💥Exploits & PoCs

1
Exploit-DB
Elasticsearch - StackOverflow DoS2024-02-09

📋Vendor Advisories

1
Red Hat
elasticsearch: StackOverflow vulnerability2023-10-26
CVE-2023-31419 — Stack-based Buffer Overflow in Elastic | cvebase