CVE-2024-43709: Elasticsearch allocation of resources without limits or throttling leads to crash

January 21, 2025 (updated February 21, 2025)

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

References

discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442
github.com/advisories/GHSA-jgx4-7v3v-vwfm
github.com/elastic/elasticsearch
nvd.nist.gov/vuln/detail/CVE-2024-43709
security.netapp.com/advisory/ntap-20250221-0007

Code Behaviors & Features

Detect and mitigate CVE-2024-43709 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →