GHSA-qwrx-45xf-jjf7

Source

https://github.com/advisories/GHSA-qwrx-45xf-jjf7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-qwrx-45xf-jjf7/GHSA-qwrx-45xf-jjf7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qwrx-45xf-jjf7

Aliases

Published

2023-10-26T18:30:23Z

Modified

2024-02-22T05:34:21.779794Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Elasticsearch vulnerable to stack overflow in the search API

Details

A flaw was discovered in Elasticsearch affecting the _search API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.

Database specific

{
    "nvd_published_at": "2023-10-26T18:15:08Z",
    "cwe_ids": [
        "CWE-121",
        "CWE-787"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T15:15:50Z"
}

References

Affected packages

Maven / org.elasticsearch:elasticsearch

Package

Name: org.elasticsearch:elasticsearch; View open source insights on deps.dev
Purl: pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.17.13

Affected versions

7.*

7.0.0

7.0.1

7.1.0

7.1.1

7.2.0

7.2.1

7.3.0

7.3.1

7.3.2

7.4.0

7.4.1

7.4.2

7.5.0

7.5.1

7.5.2

7.6.0

7.6.1

7.6.2

7.7.0

7.7.1

7.8.0

7.8.1

7.9.0

7.9.1

7.9.2

7.9.3

7.10.0

7.10.1

7.10.2

7.11.0

7.11.1

7.11.2

7.12.0

7.12.1

7.13.0

7.13.1

7.13.2

7.13.3

7.13.4

7.14.0

7.14.1

7.14.2

7.15.0

7.15.1

7.15.2

7.16.0

7.16.1

7.16.2

7.16.3

7.17.0

7.17.1

7.17.2

7.17.3

7.17.4

7.17.5

7.17.6

7.17.7

7.17.8

7.17.9

7.17.10

7.17.11

7.17.12

Maven / org.elasticsearch:elasticsearch

Package

Name: org.elasticsearch:elasticsearch; View open source insights on deps.dev
Purl: pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.9.1

Affected versions

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.1.3

8.2.0

8.2.1

8.2.2

8.2.3

8.3.0

8.3.1

8.3.2

8.3.3

8.4.0

8.4.1

8.4.2

8.4.3

8.5.0

8.5.1

8.5.2

8.5.3

8.6.0

8.6.1

8.6.2

8.7.0

8.7.1

8.8.0

8.8.1

8.8.2

8.9.0