Darrell Bethea

Researcher from Indeed
#33659 of 53,630
7.8 Total CVSS
Vulnerabilities · 1
PT-2025-35133
7.8
2025-08-28
Hashicorp · Vault Community Edition · CVE-2025-6203
**Name of the Vulnerable Software and Affected Versions**

HashiCorp Vault versions prior to 1.20.3

HashiCorp Vault Enterprise versions 1.19.9, 1.18.14, and 1.16.25

**Description**

A malicious user can submit a specially crafted payload that results in excessive memory and CPU consumption, potentially leading to a timeout in Vault's auditing subroutine and causing the server to become unresponsive. Approximately 123,600 services are potentially exposed worldwide. Over 29,800 vulnerable instances have been identified.

**Recommendations**

HashiCorp Vault versions prior to 1.20.3 should be upgraded to version 1.20.3 or later.

HashiCorp Vault Enterprise versions prior to 1.19.9 should be upgraded to version 1.19.9 or later.

HashiCorp Vault Enterprise versions prior to 1.18.14 should be upgraded to version 1.18.14 or later.

HashiCorp Vault Enterprise versions prior to 1.16.25 should be upgraded to version 1.16.25 or later.