CVE-2023-31419 — Elasticsearch vulnerable to stack overflow in the search API

Description

A flaw was discovered in Elasticsearch affecting the `_search` API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.

How to fix CVE-2023-31419

To remediate CVE-2023-31419, upgrade the affected package to a fixed version below.

Bitnami/elasticsearch—upgrade to 7.17.13 or later
—upgrade to 7.17.13 or later

Is CVE-2023-31419 being exploited?

Moderate — EPSS is 35.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

>= 7.0.0, < 7.17.13, >= 8.0.0, < 8.9.1
>= 7.0.0, < 7.17.13

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-31419
WEBdiscuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
WEBsecurity.netapp.com/advisory/ntap-20231116-0010
WEBsecurity.netapp.com/advisory/ntap-20231116-0010/