cvelistv5 - cve-2023-31419

URL	Tags
bressers@elastic.co	https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297	Vendor Advisory
bressers@elastic.co	https://security.netapp.com/advisory/ntap-20231116-0010/	Third Party Advisory
bressers@elastic.co	https://www.elastic.co/community/security	Vendor Advisory

▼	Vendor	Product
	Elastic	Elasticsearch

ghsa-qwrx-45xf-jjf7

Vulnerability from github

Published

2023-10-26 18:30

Modified

2023-10-30 15:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Elasticsearch vulnerable to stack overflow in the search API

Details

A flaw was discovered in Elasticsearch affecting the _search API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.17.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-31419"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T15:15:50Z",
    "nvd_published_at": "2023-10-26T18:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was discovered in Elasticsearch affecting the `_search` API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.",
  "id": "GHSA-qwrx-45xf-jjf7",
  "modified": "2023-10-30T15:15:50Z",
  "published": "2023-10-26T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31419"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231116-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Elasticsearch vulnerable to stack overflow in the search API"
}

wid-sec-w-2023-2387

Vulnerability from csaf_certbund

Published

2023-09-18 22:00

Modified

2024-02-08 23:00

Summary

Elasticsearch: Schwachstelle ermöglicht Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Elasticsearch ist eine Open Source, verteilte Echtzeit-Suche und Analyse-Engine.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Elasticsearch ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Elasticsearch ist eine Open Source, verteilte Echtzeit-Suche und Analyse-Engine.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Elasticsearch ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2387 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2387.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2387 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2387"
      },
      {
        "category": "external",
        "summary": "Elastic Security Update vom 2023-09-18",
        "url": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2023-31419",
        "url": "https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419"
      }
    ],
    "source_lang": "en-US",
    "title": "Elasticsearch: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2024-02-08T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:44:31.782+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2387",
      "initial_release_date": "2023-09-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-02-08T23:00:00.000+00:00",
          "number": "2",
          "summary": "PoC aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 7.17.13",
                "product": {
                  "name": "Open Source Elasticsearch \u003c 7.17.13",
                  "product_id": "T029746",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:elasticsearch:elasticsearch:7.17.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 8.9.1",
                "product": {
                  "name": "Open Source Elasticsearch \u003c 8.9.1",
                  "product_id": "T029957",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:elasticsearch:elasticsearch:8.9.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Elasticsearch"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-31419",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Elasticsearch. Diese ist auf einen Stack-Overflow zur\u00fcckzuf\u00fchren, welcher zu einem Absturz f\u00fchrt. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "release_date": "2023-09-18T22:00:00Z",
      "title": "CVE-2023-31419"
    }
  ]
}

gsd-2023-31419

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

Aliases

CVE-2023-31419

Aliases

CVE-2023-31419

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-31419",
    "id": "GSD-2023-31419"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-31419"
      ],
      "details": "A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.\n\n\n\n\n",
      "id": "GSD-2023-31419",
      "modified": "2023-12-13T01:20:29.534167Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@elastic.co",
        "ID": "CVE-2023-31419",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Elasticsearch",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.0.0",
                          "version_value": "7.17.12"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "8.0.0",
                          "version_value": "8.9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Elastic"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.\n\n\n\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-121",
                "lang": "eng",
                "value": "CWE-121: Stack-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297",
            "refsource": "MISC",
            "url": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297"
          },
          {
            "name": "https://www.elastic.co/community/security",
            "refsource": "MISC",
            "url": "https://www.elastic.co/community/security"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231116-0010/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231116-0010/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F7C6A492-CB85-4518-923D-891BC5AC2E15",
                    "versionEndIncluding": "7.17.12",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D22C8382-A8A1-49DF-8748-6E38EC8D8DD3",
                    "versionEndIncluding": "8.9.0",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.\n\n\n\n\n"
          },
          {
            "lang": "es",
            "value": "Se descubri\u00f3 una falla en Elasticsearch que afectaba a la API _search y permit\u00eda que una cadena de consulta especialmente manipulada provocara un desbordamiento de pila y, en \u00faltima instancia, una denegaci\u00f3n de servicio."
          }
        ],
        "id": "CVE-2023-31419",
        "lastModified": "2024-02-01T02:16:30.827",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "bressers@elastic.co",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-10-26T18:15:08.647",
        "references": [
          {
            "source": "bressers@elastic.co",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297"
          },
          {
            "source": "bressers@elastic.co",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231116-0010/"
          },
          {
            "source": "bressers@elastic.co",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.elastic.co/community/security"
          }
        ],
        "sourceIdentifier": "bressers@elastic.co",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-121"
              }
            ],
            "source": "bressers@elastic.co",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Action not permitted

cve-2023-31419

Vulnerability from cvelistv5

ghsa-qwrx-45xf-jjf7

Vulnerability from github

wid-sec-w-2023-2387

Vulnerability from csaf_certbund

gsd-2023-31419

Vulnerability from gsd

Tags