GHSA-5xm9-x7x4-4j5x

Опубликовано: 08 апр. 2025

Источник: github

Github: Прошло ревью

CVSS3: 4.9

Описание

Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

Ссылки

Пакеты

Наименование

org.elasticsearch:elasticsearch

maven

Затронутые версииВерсия исправления

>= 7.17.0, <= 7.17.23

7.17.24

Наименование

org.elasticsearch:elasticsearch

maven

Затронутые версииВерсия исправления

>= 8.0.0-alpha1, <= 8.15.0

8.15.1

EPSS

Процентиль: 60%

0.00403

Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2024-52981

Дефекты

CWE-400

Связанные уязвимости

CVE-2024-52981

CVSS3: 4.9

ubuntu

9 месяцев назад

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

CVE-2024-52981

CVSS3: 4.9

nvd

9 месяцев назад

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

CVE-2024-52981

msrc

4 месяца назад

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

CVE-2024-52981

CVSS3: 4.9

debian

9 месяцев назад

An issue was discovered in Elasticsearch, where a large recursion usin ...

BDU:2025-16094

CVSS3: 7.5

fstec

9 месяцев назад

Уязвимость поисковой системы Elasticsearch, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 60%

0.00403

Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2024-52981

Дефекты

CWE-400