Primary

Context

Elasticsearch Resource Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A resource allocation vulnerability without proper limits or throttling has been identified in Elasticsearch. This issue is present in versions prior to 7.17.21 and prior to 8.13.3. When exploited through a specially crafted query using an SQL function, the vulnerability can cause an OutOfMemoryError exception, leading to a crash.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the application crashes due to memory exhaustion.

Remediation

Users can upgrade to Elasticsearch versions 7.17.21 or 8.13.3 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elasticsearch Resource Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Elastic Elasticsearch

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating