Home > Vulnerability Database > CVE-2023-31418

Mend.io Vulnerability Database

CVE-2023-31418

Good to know:

Date: October 26, 2023

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

Language: Java

Severity Score

7.5

Related Resources (6)

Url: https://security.netapp.com/advisory/ntap-20231130-0005/

Url: https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616

Url: https://security.netapp.com/advisory/ntap-20231130-0005

Url: https://www.elastic.co/community/security

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-31418

Url: https://www.mend.io/vulnerability-database/CVE-2023-31418

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version org.elasticsearch:elasticsearch:8.9.0;org.elasticsearch:elasticsearch:7.17.13

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-31418

Good to know:

Date: October 26, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?