CVE-2024-37280
Published 2024-06-13
Priority P4 · 20 · medium · 4.9 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS 0.53% · 40.6th percentile
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | >= 8.13.1 < 8.14.0 | 8.14.0 |
| elastic | elasticsearch | 8.13.1 – 8.13.4 | — |
CVSS provenance
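| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 4.9 | MEDIUM | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |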
GHSA
Elasticsearch StackOverflow vulnerability
ghsa·2024-06-13
CVE-2024-37280 [MEDIUM] CWE-122 Elasticsearch StackOverflow vulnerability
OSV
Elasticsearch StackOverflow vulnerability
osv·2024-06-13
CVE-2024-37280 [MEDIUM] Elasticsearch StackOverflow vulnerability
OSV
CVE-2024-37280: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type
osv·2024-06-13·CVSS 4.9
CVE-2024-37280 [MEDIUM] CVE-2024-37280: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type
Red Hat
elasticsearch: Ingesting documents in this index would cause a StackOverflow exception
vendor_redhat·2024-06-07·CVSS 4.9
CVE-2024-37280 [MEDIUM] CWE-121 elasticsearch: Ingesting documents in this index would cause a StackOverflow exception
A flaw was found in Elasticsearch that affects document ingestion when an index template contains a dynamic field mapping of the “passthrough” type. Under certain circumstances, ingesting documents in this index can cause a StackOverflow exception to be thrown, leading to a denial of service.
Package: openshift-logging/fluentd-rhel9 (Logging Sub
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-13
Published