CVE-2023-6337

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

Configurations

Configuration 1

OR cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:43

Type | Values Removed | Values Added
References | https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 - Vendor Advisory | https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 - Vendor Advisory
References | https://security.netapp.com/advisory/ntap-20240112-0006/ | https://security.netapp.com/advisory/ntap-20240112-0006/

12 Jan 2024, 14:15

Type | Values Removed | Values Added
References
  • https://security.netapp.com/advisory/ntap-20240112-0006/

13 Dec 2023, 18:06

Type | Values Removed | Values Added
New CVE

Information

Published : 2023-12-08 22:15

Updated : 2024-11-21 08:43


NVD link : CVE-2023-6337

Mitre link : CVE-2023-6337

CVE.ORG link : CVE-2023-6337

Products Affected

hashicorp

  • vault

CWE
CWE-770

Allocation of Resources Without Limits or Throttling