CVE-2023-6337

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240112-0006/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*

History

12 Jan 2024, 14:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240112-0006/ -

13 Dec 2023, 18:06

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-08 22:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-6337

Mitre link : CVE-2023-6337

CVE.ORG link : CVE-2023-6337

JSON object : View

Products Affected

hashicorp

vault

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2023-6337", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@hashicorp.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-08T22:15:07.713", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741", "tags": ["Vendor Advisory"], "source": "security@hashicorp.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240112-0006/", "source": "security@hashicorp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "security@hashicorp.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12.\n\n"}, {"lang": "es", "value": "HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegaci\u00f3n de servicio debido al agotamiento de la memoria del host cuando se manejan grandes solicitudes HTTP autenticadas y no autenticadas de un cliente. Vault intentar\u00e1 asignar la solicitud a la memoria, lo que provocar\u00e1 que se agote la memoria disponible en el host, lo que puede provocar que Vault falle. Corregido en Vault 1.15.4, 1.14.8, 1.13.12."}], "lastModified": "2024-01-12T14:15:48.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "279420C4-177B-42B2-A4D9-6E9EDA3F1D0E", "versionEndIncluding": "1.12.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B0DB3723-28B2-48CB-9027-9A3AE4C650BD", "versionEndIncluding": "1.12.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCBF4C08-0C81-46C1-B9C6-843E07C78E34", "versionEndExcluding": "1.13.12", "versionStartIncluding": "1.13.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F1B50279-B5C2-442A-AA6B-55DDD19ED8F5", "versionEndExcluding": "1.13.12", "versionStartIncluding": "1.13.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "885CF0FC-A707-4E8F-BCA8-45BC83FC06EE", "versionEndExcluding": "1.14.8", "versionStartIncluding": "1.14.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D1BCB828-CA09-433F-96C3-4653B565DF1F", "versionEndExcluding": "1.14.8", "versionStartIncluding": "1.14.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89F657D5-0195-4A10-80B3-C12ACFFA5B0E", "versionEndExcluding": "1.15.4", "versionStartIncluding": "1.15.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CB94C54C-E891-47FD-8695-DFE0652F0E30", "versionEndExcluding": "1.15.4", "versionStartIncluding": "1.15.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@hashicorp.com"}