CVE-2023-31418 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-31418 Interim 1 4 2025-02-16T02:14:47Z current 2023-11-02T00:11:05Z 2025-02-16T02:14:47Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-31418 An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 elasticsearch elasticsearch as a component of HPE Helion OpenStack 8 elasticsearch as a component of SUSE OpenStack Cloud 8 elasticsearch as a component of SUSE OpenStack Cloud 9 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 8 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 9 An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild. CVE-2023-31418 HPE Helion OpenStack 8:elasticsearch SUSE OpenStack Cloud 8:elasticsearch SUSE OpenStack Cloud 9:elasticsearch SUSE OpenStack Cloud Crowbar 8:elasticsearch SUSE OpenStack Cloud Crowbar 9:elasticsearch important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H