Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25)

ismisepaul · January 21, 2025, 10:49am

Elasticsearch allocation of resources without limits or throttling leads to crash (ESA-2024-25)

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

Affected Versions:
Versions up to 7.17.21 and versions up to 8.13.3

Solutions and Mitigations:
The issue is resolved in version 7.17.21 and 8.13.3.

Severity: CVSSv3.1: 6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2024-43709

Topic	Replies	Views
Elasticsearch 8.9.0, 7.17.13 Security Update Security Announcements	14874	September 22, 2023
Kibana 7.17.23/8.15.0 Security Updates (ESA-2024-32, ESA-2024-33) Security Announcements	1207	January 23, 2025
Elasticsearch 8.13.0 / 7.17.19 Security Update (ESA-2024-06) Security Announcements	8322	March 27, 2024
Kibana 7.17.23 and 8.14.2 Security Update (ESA-2024-26) Security Announcements	806	January 21, 2025
Elasticsearch 8.9.1 / 7.17.13 Security Update Security Announcements	13637	September 18, 2023

Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25)

Related topics