CVE-2024-52981

Source
https://cve.org/CVERecord?id=CVE-2024-52981
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52981.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52981
Aliases
Downstream
Published
2025-04-08T16:54:16.668Z
Modified
2026-07-09T08:33:50.986439Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "7.17.0"
                },
                {
                    "last_affected": "7.17.23"
                },
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.15.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52981.json",
    "cna_assigner": "elastic",
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.17.0"
        },
        {
            "fixed": "7.17.24"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.15.1"
        }
    ]
}

Affected versions

v7.*
v7.17.0
v7.17.1
v7.17.10
v7.17.11
v7.17.12
v7.17.13
v7.17.14
v7.17.15
v7.17.16
v7.17.17
v7.17.18
v7.17.19
v7.17.2
v7.17.20
v7.17.21
v7.17.22
v7.17.23
v7.17.3
v7.17.4
v7.17.5
v7.17.6
v7.17.7
v7.17.8
v7.17.9

Database specific

vanir_signatures_modified
"2026-07-09T08:33:50Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52981.json"
vanir_signatures
[
    {
        "id": "CVE-2024-52981-c48c689a",
        "digest": {
            "function_hash": "302806869156825138967016505708747002294",
            "length": 77.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/fcf25fff740db6ab3ed5d145c58d70e4c3528ea7",
        "deprecated": false,
        "target": {
            "function": "doRun",
            "file": "x-pack/plugin/searchable-snapshots/src/internalClusterTest/java/org/elasticsearch/xpack/searchablesnapshots/cache/full/SearchableSnapshotsPrewarmingIntegTests.java"
        }
    },
    {
        "id": "CVE-2024-52981-e4c81f6d",
        "digest": {
            "line_hashes": [
                "15728880044678428613885107089167214246",
                "173618939874799114652410357105564381038",
                "293761876996285912564783256243232366190",
                "198593980507136286893931030547799247876",
                "206709190616943257201853921897333917313",
                "197399493388089925234224283026471881528",
                "44508774986651643012206413574234642238",
                "166140435195922692091311330906342127134",
                "196437853667451077775668990843785496875",
                "333451065704095536815766263903785873394",
                "72868878619308445828107324034491913956"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/elastic/elasticsearch/commit/fcf25fff740db6ab3ed5d145c58d70e4c3528ea7",
        "deprecated": false,
        "target": {
            "file": "x-pack/plugin/searchable-snapshots/src/internalClusterTest/java/org/elasticsearch/xpack/searchablesnapshots/cache/full/SearchableSnapshotsPrewarmingIntegTests.java"
        }
    },
    {
        "id": "CVE-2024-52981-f406637e",
        "digest": {
            "function_hash": "108010166469262082174614297143144359609",
            "length": 9761.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/fcf25fff740db6ab3ed5d145c58d70e4c3528ea7",
        "deprecated": false,
        "target": {
            "function": "testConcurrentPrewarming",
            "file": "x-pack/plugin/searchable-snapshots/src/internalClusterTest/java/org/elasticsearch/xpack/searchablesnapshots/cache/full/SearchableSnapshotsPrewarmingIntegTests.java"
        }
    }
]