Main Vulnerability Database Exploits ID:9296 - Exploit for Out-of-bounds read in Elasticsearch - CVE-2021-22145

ID:9296 - Exploit for Out-of-bounds read in Elasticsearch - CVE-2021-22145

Published: September 7, 2023

Vulnerability identifier: #VU67519

Vulnerability risk: High

CVE-ID: CVE-2021-22145

CWE-ID: CWE-125

Exploitation vector: Remote access

Vulnerable software:
Elasticsearch

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/scanner/http/elasticsearch_memory_disclosure

Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in Elasticsearch error reporting. A remote attacker can submit a malformed query that would result in an error message returned containing previously used portions of a data buffer with sensitive information such as Elasticsearch documents or authentication details.

Remediation

Install updates from vendor's website.

ID:9296 - Exploit for Out-of-bounds read in Elasticsearch - CVE-2021-22145

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human