An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

Affected Packages

Maven org.elasticsearch:elasticsearch

Affected versions: 0 (fixed in 7.17.13)

Maven org.elasticsearch:elasticsearch

Affected versions: 8.0.0 (fixed in 8.9.0)

Related CVEs

CVE-2023-31418

Key Information

GHSA ID

GHSA-2cqf-6xv9-f22w

Published

October 26, 2023 6:30 PM

Last Modified

October 30, 2023 3:10 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.elasticsearch:elasticsearch

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.