CVE-2024-23449

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23449

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23449.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-23449

Aliases

Related

UBUNTU-CVE-2024-23449

Published

2024-03-29T12:15:08Z

Modified

2025-02-18T19:52:41Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.

References

https://discuss.elastic.co/t/elasticsearch-8-11-1-security-update-esa-2024-05/356458

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

f56126089ca4db89b631901ad7cce0a8e10e2fe5

Fixed

6f9ff581fbcde658e6f69d6ce03050f060d1fd0c