Bug 1188880 (CVE-2021-22144)

Summary: VUL-1: CVE-2021-22144: elasticsearch: uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser
Product: [Novell Products] SUSE Security Incidents
Reporter: Robert Frohl <rfrohl>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: cloud-bugs, gianluca.gabrielli, jzerebecki, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/305193/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Robert Frohl 2021-07-29 09:01:09 UTC
CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion
vulnerability that could lead to a denial of service attack was identified in
the Elasticsearch Grok parser. A user with the ability to submit arbitrary
queries to Elasticsearch could create a malicious Grok query that will crash the
Elasticsearch node.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22144
https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100

Comment 2 Jan Zerebecki 2021-08-11 12:27:19 UTC
Issue was fixed in https://github.com/elastic/elasticsearch/pull/74772. Following the history, the code is introduced in
https://github.com/elastic/elasticsearch/commit/464b46437febebce3b9f1506630e3563f1fff5d1 which is a newer version (>4) than what SOC9 ships (2.4.2).

Thus the issue does not exist in any version of the SOC product.

Comment 3 Gianluca Gabrielli 2021-08-12 09:02:13 UTC
Thanks for your input, Jan. I proceed by closing this bug.