CVE-2024-37280

Опубликовано: 07 июн. 2024

Источник: redhat

CVSS3: 4.9

EPSS Низкий

Описание

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

A flaw was found in Elasticsearch that affects document ingestion when an index template contains a dynamic field mapping of the “passthrough” type. Under certain circumstances, ingesting documents in this index can cause a StackOverflow exception to be thrown, leading to a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/fluentd-rhel8	Not affected
Logging Subsystem for Red Hat OpenShift	openshift-logging/kibana6-rhel8	Not affected
Red Hat OpenStack Platform 16.1	openstack-panko	Not affected
Red Hat OpenStack Platform 16.2	openstack-panko	Not affected
Red Hat Quay 3	quay/quay-rhel8	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=2290834elasticsearch: Ingesting documents in this index would cause a StackOverflow exception

EPSS

Процентиль: 56%

0.00335

Низкий

4.9 Medium

CVSS3

Связанные уязвимости

CVE-2024-37280

CVSS3: 4.9

ubuntu

больше 1 года назад

CVE-2024-37280

CVSS3: 4.9

nvd

больше 1 года назад

CVE-2024-37280

CVSS3: 4.9

debian

больше 1 года назад

A flaw was discovered in Elasticsearch, affecting document ingestion w ...

GHSA-4q22-422g-m4pj

CVSS3: 4.9

github

больше 1 года назад

Elasticsearch StackOverflow vulnerability

EPSS

Процентиль: 56%

0.00335

Низкий

4.9 Medium

CVSS3