CVE-2024-37284: Elastic Defend Improper Handling of Alternate Encoding Leads to Crash

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-37284

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Elastic Defend Improper Handling of Alternate Encoding Leads to Crash

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing the process.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

对异常条件的处理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Elastic Defend 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Elastic Defend是荷兰Elastic公司的一款应用程序。提供预防、检测和响应功能，以及对 EPP、EDR、SIEM 和安全分析的深度可见性。 Elastic Defend 8.13.3及之前版本存在安全漏洞，该漏洞源于尝试扫描编码为多字节字符的文件或进程时，会发生对备用编码的不当处理，导致未捕获的异常，进而阻止其隔离文件和/或终止进程。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Elastic	Elastic Defend	8.0.0 ~ 8.13.3	-

II. Public POCs for CVE-2024-37284

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-37284

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Elastic Defend

CVE-2025-25013
Elastic Defend Insertion of Sensitive Information into Log F

Same vendor: Elastic

Same weakness: CWE-755

V. Comments for CVE-2024-37284

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2024-37284

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-37284

III. Intelligence Information for CVE-2024-37284

IV. Related Vulnerabilities

V. Comments for CVE-2024-37284

Leave a comment