CVE-2024-37280 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-37280 Interim 1 5 2026-03-05T02:27:11Z current 2024-06-07T23:09:18Z 2026-03-05T02:27:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-37280 A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 elasticsearch elasticsearch as a component of HPE Helion OpenStack 8 elasticsearch as a component of SUSE OpenStack Cloud 8 elasticsearch as a component of SUSE OpenStack Cloud 9 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 8 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 9 A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature. CVE-2024-37280 HPE Helion OpenStack 8:elasticsearch SUSE OpenStack Cloud 8:elasticsearch SUSE OpenStack Cloud 9:elasticsearch SUSE OpenStack Cloud Crowbar 8:elasticsearch SUSE OpenStack Cloud Crowbar 9:elasticsearch moderate 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H