CVE-2024-43709
Published 2025-01-21
CVE-2024-43709: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted…
Priority P341 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.60% (44.1th percentile)
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | >= 7.17.0 < 7.17.21 | 7.17.21 |
| elastic | elasticsearch | >= 7.17.0, 8.0.0 < 7.17.21, 8.13.3 | 7.17.21, 8.13.3 |
| elastic | elasticsearch | >= 8.0.0 < 8.13.3 | 8.13.3 |
CVSS provenance
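| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_oracle | | 7.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |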
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Elasticsearch) — CVE-2024-43709
vendor_oracle·2025-04-15·CVSS 7.5
CVE-2024-43709 [MEDIUM] Oracle Oracle Communications Applications Risk Matrix: Core (Elasticsearch) — CVE-2024-43709
Oracle Oracle Communications Applications Risk Matrix: Core (Elasticsearch) vulnerability
CVE: CVE-2024-43709
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
Red Hat
elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash
vendor_redhat·2025-01-21·CVSS 6.5
CVE-2024-43709 [MEDIUM] CWE-770 elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
A flaw was found in Elasticsearch. An allocation of resources without limits or throttling can lead to an OutOfMemoryError exception, resulting in a crash via a specially crafted query using an SQL function.
Statement: Red Hat rated this issue as moderate because successful exploitation results in an application level denial-of-service condition only, without any impact on confidentiality or integrity. The vulnerability requires an authenticated user to submit a specially crafted SQL query, and while it ca
OSV
CVE-2024-43709: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a speciall
osv·2025-01-21·CVSS 7.5
CVE-2024-43709 [HIGH] CVE-2024-43709: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a speciall
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
OSV
Elasticsearch allocation of resources without limits or throttling leads to crash
osv·2025-01-21
CVE-2024-43709 [MEDIUM] Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
GHSA
Elasticsearch allocation of resources without limits or throttling leads to crash
ghsa·2025-01-21
CVE-2024-43709 [MEDIUM] CWE-770 Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-01-21