PT-2023-7090 · Hashicorp · Hashicorp Vault
Published: 2023-11-09 · Updated: 2024-08-21 · CVE-2023-5954
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
HashiCorp Vault versions prior to 1.13.10
HashiCorp Vault versions prior to 1.14.6
HashiCorp Vault versions prior to 1.15.2
Vault Enterprise versions prior to 1.13.10
Vault Enterprise versions prior to 1.14.6
Vault Enterprise versions prior to 1.15.2
Description
Inbound client requests to HashiCorp Vault and Vault Enterprise that trigger a policy check can cause unbounded memory consumption. A large number of these requests may lead to denial of service. The problem is associated with memory release errors.
Recommendations
For HashiCorp Vault versions prior to 1.13.10, update to version 1.13.10 or later.
For HashiCorp Vault versions prior to 1.14.6, update to version 1.14.6 or later.
For HashiCorp Vault versions prior to 1.15.2, update to version 1.15.2 or later.
For Vault Enterprise versions prior to 1.13.10, update to version 1.13.10 or later.
For Vault Enterprise versions prior to 1.14.6, update to version 1.14.6 or later.
For Vault Enterprise versions prior to 1.15.2, update to version 1.15.2 or later.
Fix
DoS
Memory Leak
Affected Products
Hashicorp Vault
Red Os
Vault Enterprise