Elasticsearch 7.17.24 and 8.15.1 Security Update (ESA-2024-37)

Bryan_Garcia · April 8, 2025, 4:00pm

Elasticsearch Uncontrolled Resource Consumption vulnerability (ESA-2024-37)

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

Affected Versions:
Elasticsearch versions 7.17.0 to 7.17.23 and 8.0 to 8.15.0.

Solutions and Mitigations:
Users should upgrade to version 7.17.24 or higher, or version 8.15.1 or higher.

Severity: CVSS v3.1: 4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/CR:M/IR:M/AR:M

CVE ID: CVE-2024-52981

2025-04-25 Update: added version 7.17.24 to solutions and mitigations

Topic		Replies	Views
Elasticsearch 8.13.0 / 7.17.19 Security Update (ESA-2024-06) Security Announcements	0	9049	March 27, 2024
Elasticsearch 8.15.1 Security Update (ESA-2024-34) Security Announcements	0	696	April 8, 2025
Elasticsearch 7.13.3 and 6.8.17 Security Update Security Announcements	1	14612	November 4, 2022
Elasticsearch 8.9.1 / 7.17.13 Security Update Security Announcements	0	13777	September 18, 2023
Discuss: Security Vulnerabilities: ESA-2023-14 - CVE-2023-31419 Elasticsearch	3	901	January 4, 2024

Elasticsearch 7.17.24 and 8.15.1 Security Update (ESA-2024-37)

Related topics