HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.
Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 - Vendor Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240112-0006/ - |
12 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Dec 2023, 18:06
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-08 22:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6337
Mitre link : CVE-2023-6337
CVE.ORG link : CVE-2023-6337
JSON object : View
Products Affected
hashicorp
- vault
CWE
CWE-770
Allocation of Resources Without Limits or Throttling