CVE-2021-22144

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22144
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22144.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22144
Aliases
Downstream
Published
2021-07-26T12:15:08.547Z
Modified
2026-03-13T00:55:33.820443Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
206f6a2512f2ca690999b77a5c759ab214536b82
Introduced
b7e28a7232616c7a21bc879a535d801b8553ba77
Fixed
5d21bea28db1e89ecc1f66311ebdec9dc3aa7d64
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.8.17"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.13.3"
        }
    ]
}

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-22144-094892b5",
        "source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
        "target": {
            "file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"
        },
        "digest": {
            "line_hashes": [
                "46306908087834685596391033629543643063",
                "309639364621793396813014594316873131855",
                "29128284626522818738713589723885160495",
                "161871899510850400620560954403845436989",
                "11189868176976358190645651809106375237",
                "252283072025772185312066259196494384069",
                "186764478831357170795648974055168900478",
                "16834889254463775560960843331988962190",
                "336340090449089775032792466573808690249",
                "120694549646089050654449180204196627811",
                "91447881726955768689021406281828727085",
                "169835636148755964864088097702761135007",
                "164818499281119662862618001252267262545",
                "142654126224155807598745608946083563969",
                "113745486366100676625722287093107010606",
                "159318981080328462933766738409863797493",
                "313525545417608629117318777636242382908",
                "309751647087901041984143822284033753378",
                "101508310946298798877821549722829592093",
                "183220078846225271179781572169631705799"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-22144-729625b6",
        "source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
        "target": {
            "file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java",
            "function": "Grok"
        },
        "digest": {
            "length": 511.0,
            "function_hash": "78606588141394941292377601035551429948"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-22144-743d25e2",
        "source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
        "target": {
            "file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java",
            "function": "forbidCircularReferences"
        },
        "digest": {
            "length": 338.0,
            "function_hash": "314977716389471019717029041633733458541"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-22144-e1f0827d",
        "source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
        "target": {
            "file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java",
            "function": "innerForbidCircularReferences"
        },
        "digest": {
            "length": 1164.0,
            "function_hash": "331130921924370190697642416796273392643"
        },
        "signature_type": "Function"
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.8.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22144.json"