CVE-2024-52981: Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
An issue was discovered in Elasticsearch, where a large recursion using a Well-Known Text (WKT) formatted string with nested GeometryCollection objects could cause a stack overflow.
References
- discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924
- github.com/advisories/GHSA-5xm9-x7x4-4j5x
- github.com/elastic/elasticsearch
- github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495
- github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c
- github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3
- nvd.nist.gov/vuln/detail/CVE-2024-52981
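As an added example (not Elasticsearch's code or its fix), the following pre-ingest check measures GEOMETRYCOLLECTION nesting in a WKT string with an explicit stack and rejects input beyond a limit before it reaches a recursive parser. The function and class names and the limit of 32 are assumptions made for this example.

```python
import re

# Assumed limit for this example; not a value taken from Elasticsearch.
MAX_COLLECTION_DEPTH = 32

_TOKEN = re.compile(r"[A-Za-z]+|[()]")
_DIMENSION_TAGS = {"Z", "M", "ZM"}


class WktDepthError(ValueError):
    """Raised when a WKT string is malformed or nested too deeply."""


def collection_depth(wkt, limit=MAX_COLLECTION_DEPTH):
    """Return the deepest GEOMETRYCOLLECTION nesting level in `wkt`.

    Uses an explicit stack instead of recursion, so the check itself
    cannot exhaust the call stack, and stops as soon as `limit` is passed.
    """
    stack = []            # one bool per open "(": True if it opens a collection
    depth = deepest = 0
    pending = False       # True right after a GEOMETRYCOLLECTION keyword
    for match in _TOKEN.finditer(wkt):
        token = match.group().upper()
        if token == "(":
            stack.append(pending)
            if pending:
                depth += 1
                deepest = max(deepest, depth)
                if depth > limit:
                    raise WktDepthError(f"GEOMETRYCOLLECTION nesting exceeds {limit}")
            pending = False
        elif token == ")":
            if not stack:
                raise WktDepthError("unbalanced ')' in WKT")
            if stack.pop():
                depth -= 1
        elif token == "GEOMETRYCOLLECTION":
            pending = True
        elif token not in _DIMENSION_TAGS:
            pending = False   # EMPTY or another geometry keyword
    if stack:
        raise WktDepthError("unbalanced '(' in WKT")
    return deepest


# Constructed sample input for illustration.
SAMPLE = "GEOMETRYCOLLECTION (POINT (1 2), GEOMETRYCOLLECTION (POLYGON ((0 0, 1 0, 1 1, 0 0))))"
```

Parentheses that belong to coordinate lists (for example in POLYGON) do not count toward the depth; only those opened by a GEOMETRYCOLLECTION keyword do.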