CVE-2023-31419

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 26, 2023

Updated: Feb 1, 2024

CWE ID 121

CWE ID 787

Summary

CVE-2023-31419 is a vulnerability affecting Elasticsearch's _search API. A specially crafted query string can cause a Stack Overflow, ultimately leading to a Denial of Service (DoS) attack. The flaw allows an attacker to exhaust system resources, making the Elasticsearch instance unresponsive or even crash it. To mitigate this issue, it's essential to apply the available patch or update to the latest Elasticsearch version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Elasticsearch

Affected Vendors

Elastic

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/suzav6
https://www.cve.org/CVERecord?id=CVE-2023-31419
https://nvd.nist.gov/vuln/detail/CVE-2023-31419

Back to Vulnerability Database