CVE-2024-43709: Allocation of Resources Without Limits or Throttling in Elasticsearch

Severity
NVD: 7.5 HIGH
CNA: 6.5
EPSS
0.9% (top 24.27%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 21
Latest update: Apr 15

Description

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Source: CVEListV5 | Package: elastic/elasticsearch | Affected: 7.17.0, 8.0.0 | Fixed: 7.17.21, 8.13.3
Source: NVD | Package: elastic/elasticsearch | Affected: 7.17.0 | Fixed: 7.17.21 (+1)

Vulnerability Details (4)

CVEList: Elasticsearch allocation of resources without limits or throttling leads to crash (2025-01-21)
OSV: CVE-2024-43709: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a speciall (2025-01-21)
OSV: Elasticsearch allocation of resources without limits or throttling leads to crash (2025-01-21)
GHSA: Elasticsearch allocation of resources without limits or throttling leads to crash (2025-01-21)

Vendor Advisories (2)

Oracle: Oracle Communications Applications Risk Matrix: Core (Elasticsearch), CVE-2024-43709 (2025-04-15)
Red Hat: elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash (2025-01-21)
CVE-2024-43709 — Elastic Elasticsearch vulnerability | cvebase