CVE-2024-52981: Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion

April 8, 2025 (updated April 9, 2025)

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

References

discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924
github.com/advisories/GHSA-5xm9-x7x4-4j5x
github.com/elastic/elasticsearch
nvd.nist.gov/vuln/detail/CVE-2024-52981

Code Behaviors & Features

Detect and mitigate CVE-2024-52981 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →