Bug 1188880 - (CVE-2021-22144) VUL-1: CVE-2021-22144: elasticsearch: uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser
(CVE-2021-22144)
VUL-1: CVE-2021-22144: elasticsearch: uncontrolled recursion vulnerability th...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/305193/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-07-29 09:01 UTC by Robert Frohl
Modified: 2021-08-12 09:02 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-07-29 09:01:09 UTC
CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion
vulnerability that could lead to a denial of service attack was identified in
the Elasticsearch Grok parser. A user with the ability to submit arbitrary
queries to Elasticsearch could create a malicious Grok query that will crash the
Elasticsearch node.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22144
https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100
Comment 2 Jan Zerebecki 2021-08-11 12:27:19 UTC
Issue was fixed in https://github.com/elastic/elasticsearch/pull/74772 . Following the history the code is introduced in
https://github.com/elastic/elasticsearch/commit/464b46437febebce3b9f1506630e3563f1fff5d1 which is a newer version (>4) than what SOC9 ships (2.4.2).

Thus the issue does not exist in any version of the SOC product.
Comment 3 Gianluca Gabrielli 2021-08-12 09:02:13 UTC
Thanks for your input Jan, I proceed by closing this bug.