A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.
History

Thu, 03 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Elastic
Elastic elasticsearch
Weaknesses CWE-787
CPEs cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*
Vendors & Products Elastic
Elastic elasticsearch

Fri, 16 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2024-06-13T16:26:57.983Z

Updated: 2024-08-16T17:02:41.347Z

Reserved: 2024-06-05T14:21:14.941Z

Link: CVE-2024-37280

cve-icon Vulnrichment

Updated: 2024-08-16T17:02:41.347Z

cve-icon NVD

Status : Modified

Published: 2024-06-13T17:15:50.967

Modified: 2024-11-21T09:23:31.860

Link: CVE-2024-37280

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-07T00:00:00Z

Links: CVE-2024-37280 - Bugzilla