Vulnerabilities > CVE-2023-31419 - Out-of-bounds Write vulnerability in Elastic Elasticsearch
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
- https://security.netapp.com/advisory/ntap-20231116-0010/
- https://www.elastic.co/community/security
- https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
- https://www.elastic.co/community/security
- https://security.netapp.com/advisory/ntap-20231116-0010/