PT-2023-7600 · HashiCorp · HashiCorp Vault
Published 2023-11-27 · Updated 2024-08-05 · CVE-2023-6337
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
HashiCorp Vault and Vault Enterprise versions 1.12.0 through 1.15.3
HashiCorp Vault and Vault Enterprise versions 1.13.0 through 1.13.11
HashiCorp Vault and Vault Enterprise versions 1.14.0 through 1.14.7
Description
The issue lies in how the software handles large HTTP requests from a client, whether unauthenticated or authenticated. When such a request arrives, the software attempts to map it into memory, which can deplete the memory available on the host. The software can then crash, resulting in a denial of service.
Recommendations
For HashiCorp Vault and Vault Enterprise versions 1.12.0 through 1.15.3, update to version 1.15.4 or newer.
For HashiCorp Vault and Vault Enterprise versions 1.13.0 through 1.13.11, update to version 1.13.12 or newer.
For HashiCorp Vault and Vault Enterprise versions 1.14.0 through 1.14.7, update to version 1.14.8 or newer.
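The ranges and fixed releases above, turned into a check that can be run over `vault version` output or inventory data. This is an added example, not code from HashiCorp or from this advisory's publisher. The precedence rule (a branch with its own row uses only that row, every other version falls back to the 1.12.0 through 1.15.3 row) and the sample strings are assumptions.

```python
import re
from typing import NamedTuple, Optional

# (first affected, last affected, first fixed) rows from this advisory.
BRANCH_ROWS = {
    (1, 13): ((1, 13, 0), (1, 13, 11), (1, 13, 12)),
    (1, 14): ((1, 14, 0), (1, 14, 7), (1, 14, 8)),
}
# The broad row overlaps 1.13.x and 1.14.x. Assumption: a branch with its own
# row uses only that row, so fixed branch releases (e.g. 1.13.12) are not flagged.
BROAD_ROW = ((1, 12, 0), (1, 15, 3), (1, 15, 4))

VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?")


class Verdict(NamedTuple):
    version: tuple
    affected: bool              # True if inside a range listed on this page
    upgrade_to: Optional[str]   # first fixed release for that range, else None


def parse_version(text: str) -> tuple:
    """Extract (major, minor, patch) from a bare version or `vault version` output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    if m.group(4):
        # Pre-releases such as -rc1 are not listed in the advisory: review by hand.
        raise ValueError(f"pre-release build {m.group(0)!r} needs manual review")
    # Build metadata such as +ent (Vault Enterprise) does not change the ranges.
    return tuple(int(m.group(i)) for i in (1, 2, 3))


def check(text: str) -> Verdict:
    version = parse_version(text)
    first, last, fixed = BRANCH_ROWS.get(version[:2], BROAD_ROW)
    affected = first <= version <= last
    return Verdict(version, affected, ".".join(map(str, fixed)) if affected else None)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    samples = ["Vault v1.14.3+ent (0000000), built 2023-09-01T00:00:00Z",
               "1.13.12", "1.12.5", "v1.15.3", "1.15.4"]
    for s in samples:
        print(f"{s!r:60} -> {check(s)}")
```

A result of `affected=False` only means the version is outside the ranges listed on this page.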
Fix
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Hashicorp Vault
Red Os
Vault Enterprise