BIT-elasticsearch-2023-31419
denial of service vulnerability in elasticsearch (Maven)
What is BIT-elasticsearch-2023-31419 About?
This flaw in Elasticsearch's `_search` API allows a specially crafted query string to cause a stack overflow. This ultimately leads to a denial of service on the affected Elasticsearch node. Exploitation is relatively easy, requiring specific malformed queries.
Affected Software
- org.elasticsearch:elasticsearch
- >7.0.0, <7.17.13
- >8.0.0, <8.9.1
Technical Details
The vulnerability resides in the `_search` API of Elasticsearch. An attacker can craft a specific query string that, when processed by the `_search` API, triggers a recursive or deeply nested operation. This malformed query causes the processing thread to exhaust its call stack, resulting in a stack overflow error. Because a stack overflow is an unrecoverable error for the thread, it leads to the termination of the Elasticsearch process or node, thereby causing a denial of service. The flaw lies in how the API handles complex or malformed query structures; it is not a code injection.
What is the Impact of BIT-elasticsearch-2023-31419?
Successful exploitation may allow attackers to cause a denial of service by triggering a stack overflow and crashing the Elasticsearch node, disrupting service availability.
What is the Exploitability of BIT-elasticsearch-2023-31419?
Exploitation is possible remotely and does not require authentication. An attacker needs to be able to send HTTP requests to the Elasticsearch `_search` API. The complexity is moderate, requiring the creation of a specifically malformed query string designed to induce a stack overflow. There are no special conditions or constraints beyond crafting the query. The main risk factor is the exposure of the Elasticsearch `_search` API to untrusted network traffic, making it accessible to potential attackers.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| sqrtZeroKnowledge | Link | Elasticsearch Stack Overflow Vulnerability |
| u238 | Link | Elasticsearch DoS CVE-2023-31419 exploit |
What are the Available Fixes for BIT-elasticsearch-2023-31419?
Available Upgrade Options
- org.elasticsearch:elasticsearch
- >7.0.0, <7.17.13 → Upgrade to 7.17.13
- org.elasticsearch:elasticsearch
- >8.0.0, <8.9.1 → Upgrade to 8.9.1
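The affected ranges above are what a dependency audit has to compare against. The following script is an added example, not part of this advisory or of Elasticsearch: it parses a constructed pom.xml, resolves a `${property}` version reference, and reports whether the `org.elasticsearch:elasticsearch` version falls inside the ranges as the advisory states them (both bounds exclusive, exactly as written above) together with the upgrade that closes it. The sample pom.xml and its version numbers are constructed for the example.

```python
"""Added example (not from the advisory): decide whether a Maven build pulls in an
org.elasticsearch:elasticsearch version inside the ranges the advisory lists, and
which upgrade closes it. The pom.xml used below is constructed for the example."""
import re
import xml.etree.ElementTree as ET

# Ranges and fixed versions exactly as the advisory states them:
# (lower bound, upper bound, fixed version); both bounds are exclusive, as written.
AFFECTED_RANGES = [
    ("7.0.0", "7.17.13", "7.17.13"),
    ("8.0.0", "8.9.1", "8.9.1"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Turn 'major.minor.patch' into a comparable tuple; a qualifier such as
    '-SNAPSHOT' is tolerated and ignored."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(version_text):
    """Return (affected, fixed_version) for one elasticsearch artifact version."""
    version = parse_version(version_text)
    for lower, upper, fixed in AFFECTED_RANGES:
        if parse_version(lower) < version < parse_version(upper):
            return True, fixed
    return False, None


def _local(tag):
    # Strip the Maven XML namespace so tags compare by local name.
    return tag.rsplit("}", 1)[-1]


def scan_pom(pom_xml):
    """Find org.elasticsearch:elasticsearch dependencies in a pom.xml, resolve
    ${property} versions from <properties>, and assess each one."""
    root = ET.fromstring(pom_xml)
    properties = {}
    for node in root.iter():
        if _local(node.tag) == "properties":
            for prop in node:
                properties[_local(prop.tag)] = (prop.text or "").strip()

    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in dep}
        if (fields.get("groupId"), fields.get("artifactId")) != ("org.elasticsearch", "elasticsearch"):
            continue
        version = fields.get("version", "")
        ref = re.fullmatch(r"\$\{([^}]+)\}", version)
        if ref:
            version = properties.get(ref.group(1), "")
        if not version:
            # Version managed elsewhere (BOM or parent): report it rather than skipping silently.
            findings.append({"version": None, "affected": None, "fix": None})
            continue
        affected, fix = assess(version)
        findings.append({"version": version, "affected": affected, "fix": fix})
    return findings


# Constructed sample pom.xml (not from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>search-service</artifactId>
  <version>1.0</version>
  <properties>
    <elasticsearch.version>7.17.10</elasticsearch.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.elasticsearch</groupId>
      <artifactId>elasticsearch</artifactId>
      <version>${elasticsearch.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-api</artifactId>
      <version>2.20.0</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for finding in scan_pom(SAMPLE_POM):
        print(finding)
```

A version that is managed by a parent POM or BOM is reported with `version: None` so that the audit surfaces it instead of passing it silently; resolving that case needs the effective POM (for example `mvn help:effective-pom`) rather than the raw file.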
Additional Resources
- https://security.netapp.com/advisory/ntap-20231116-0010
- https://www.elastic.co/community/security
- https://osv.dev/vulnerability/GHSA-qwrx-45xf-jjf7
- https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
- https://nvd.nist.gov/vuln/detail/CVE-2023-31419
What are Similar Vulnerabilities to BIT-elasticsearch-2023-31419?
Similar Vulnerabilities: CVE-2023-31418, CVE-2022-31677, CVE-2021-22926, CVE-2020-7014, CVE-2019-10247
