CVE-2023-31419
Published 2023-10-26
Priority: P2 66 · high · CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EXPLOIT
EPSS: 60.68% (99.0th percentile)
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | >= 7.0.0 < 7.17.12 | 7.17.12 |
| elastic | elasticsearch | 7.0.0 – 7.17.12 | — |
| elastic | elasticsearch | >= 8.0.0 < 8.9.0 | 8.9.0 |
| elastic | elasticsearch | 8.0.0 – 8.9.0 | — |
Detection & IOCs
- Monitor for high-volume repeated GET requests to /<index>/_search (especially using wildcard index '*') with large JSON bodies containing the 'match' query on 'message' field, as the exploit loops 100 queries with a ~45MB+ payload each.
- Alert on Elasticsearch Stack Overflow errors or JVM stack overflow exceptions triggered via the _search API, which indicate successful triggering of the DoS condition.
- The exploit uses default Elasticsearch credentials (elastic/changeme) and targets port 9200. Deployments that have changed default credentials or restricted network access to port 9200 reduce exposure, but the vulnerability itself is in query parsing and is not credential-dependent.
- SSL verification is disabled in the PoC exploit, suggesting the attacker may target HTTP (non-TLS) Elasticsearch endpoints. Environments enforcing TLS with valid certificates may not be targeted by this specific PoC but remain vulnerable to the underlying flaw.
- The exploit was tested against Elasticsearch version 8.5.3 and OpenSearch on Ubuntu 20.04 LTS. Other versions may also be affected.
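The first two checks above, sketched as an added example (not code from this page, Elastic, or any published detection rule): it flags clients that repeatedly send oversized request bodies to `_search` and picks out JVM `StackOverflowError` lines from node logs. The access-log layout, the thresholds, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed (hypothetical) reverse-proxy access-log layout:
#   <client_ip> <method> <path> <status> <request_body_bytes>
ACCESS_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\d+)$")
# Matches /_search and /<index>/_search, including the wildcard index '*'.
SEARCH_RE = re.compile(r"^/(?:[^/]+/)?_search(?:\?.*)?$")

# Thresholds are assumptions; tune them to normal query sizes in your environment.
BODY_BYTES_MIN = 10 * 1024 * 1024
REPEAT_MIN = 5


def suspicious_search_clients(lines, body_min=BODY_BYTES_MIN, repeat_min=REPEAT_MIN):
    """Return {client_ip: count} for clients with >= repeat_min oversized _search requests."""
    hits = defaultdict(int)
    for line in lines:
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, method, path, _status, size = m.groups()
        # _search accepts a body on both GET and POST, so check both methods.
        if method in ("GET", "POST") and SEARCH_RE.match(path) and int(size) >= body_min:
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= repeat_min}


def stack_overflow_events(lines):
    """Return node-log lines that mention a JVM StackOverflowError."""
    return [line for line in lines if "StackOverflowError" in line]


# Constructed sample data (documentation IP ranges, made-up log lines).
SAMPLE_ACCESS = ["203.0.113.7 GET /*/_search 500 47185920"] * 6 + [
    "198.51.100.4 GET /logs/_search 200 512",        # normal-sized query
    "198.51.100.4 POST /logs/_bulk 200 20971520",    # large, but not _search
    "192.0.2.9 GET /*/_search 200 47185920",         # large, but only once
]
SAMPLE_NODE_LOG = [
    "[2023-10-26T10:00:01,000][INFO ][constructed.logger] [node-1] started",
    "[2023-10-26T10:05:12,000][ERROR][constructed.logger] [node-1] java.lang.StackOverflowError",
]

if __name__ == "__main__":
    print(suspicious_search_clients(SAMPLE_ACCESS))
    print(stack_overflow_events(SAMPLE_NODE_LOG))
```

Correlating a flagged client with a `StackOverflowError` on a node shortly afterwards is a stronger signal than either check alone.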
CVSS provenance
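| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | 7.5 | HIGH | — |
| osv | 7.5 | HIGH | — |
| vendor_redhat | 6.5 | MEDIUM | — |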
OSV
OpenSearch StackOverflow vulnerability
osv·2023-12-01·CVSS 7.5
CVE-2023-31419 [HIGH] OpenSearch StackOverflow vulnerability
### Impact
A flaw was discovered in OpenSearch, affecting the `_search` API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
The issue was identified by Elastic Engineering and corresponds to security advisory [ESA-2023-14](https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297) (CVE-2023-31419).
### Mitigation
Versions 1.3.14 and 2.11.1 contain a fix for this issue.
### For more information
If you have any questions or comments about this advisory, please contact AWS/Amazon Security via our issue reporting page (https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [[email protected]](mailto:[email protected]). Please do no
GHSA
OpenSearch StackOverflow vulnerability
ghsa·2023-12-01·CVSS 7.5
CVE-2023-31419 [HIGH] OpenSearch StackOverflow vulnerability
OSV
osv·2023-10-26·CVSS 7.5
CVE-2023-31419 [HIGH]
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
GHSA
Elasticsearch vulnerable to stack overflow in the search API
ghsa·2023-10-26
CVE-2023-31419 [MEDIUM] CWE-121 Elasticsearch vulnerable to stack overflow in the search API
A flaw was discovered in Elasticsearch affecting the `_search` API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.
OSV
Elasticsearch vulnerable to stack overflow in the search API
osv·2023-10-26
CVE-2023-31419 [MEDIUM] Elasticsearch vulnerable to stack overflow in the search API
A flaw was discovered in Elasticsearch affecting the `_search` API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.
Red Hat
elasticsearch: StackOverflow vulnerability
vendor_redhat·2023-10-26·CVSS 6.5
CVE-2023-31419 [MEDIUM] CWE-121 elasticsearch: StackOverflow vulnerability
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
A flaw was found in Elasticsearch. This issue affects the _search API that allowed a specially crafted query string to cause a stack overflow and, ultimately, a denial of service.
Package: openshift-logging/elasticsearch6-rhel8 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: openshift-logging/fluentd-rhel9 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: openshift-logging/kibana6-rhel8 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: elasticsearch (Red Hat JBoss Fuse Service Works 6) - Out of support scope
Package: qua
No detection rules found.
- https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
- https://security.netapp.com/advisory/ntap-20231116-0010/
- https://www.elastic.co/community/security

Published: 2023-10-26