CVE-2024-43709: Elasticsearch allocation of resources without limits or throttling leads to crash

January 21, 2025

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

References

discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442
github.com/advisories/GHSA-jgx4-7v3v-vwfm
github.com/elastic/elasticsearch
nvd.nist.gov/vuln/detail/CVE-2024-43709

Detect and mitigate CVE-2024-43709 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →