PT-2024-2502 · Elastic · Elasticsearch

Ismisepaul · Published 2024-03-29 · Updated 2024-05-14 · CVE-2024-23449

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Elasticsearch versions 8.4.0 through 8.11.0

Description

The issue is caused by an exception-handling error in the API implementation of the Elasticsearch search system. A remote attacker can exploit it with a specially crafted PDF file to cause a denial of service. Specifically, when an encrypted PDF is passed to an attachment processor through the REST API, the Elasticsearch ingest node that attempts to parse the PDF file crashes. This issue does not affect password-protected PDF files or unencrypted PDF files.

Recommendations

For Elasticsearch versions 8.4.0 through 8.11.0, update to version 8.11.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoint that processes attachments to minimize the risk of exploitation. Avoid using the attachment processor for encrypted PDF files until the issue is resolved.

Related Identifiers

BDU:2024-02483
BIT-ELASTICSEARCH-2024-23449
CVE-2024-23449
GHSA-PW39-F3M5-CXFC

Affected Products

Elasticsearch