CVE-2023-6337

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6337

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6337.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6337

Aliases

Published

2023-12-08T22:15:07Z

Modified

2025-02-19T03:35:51.815974Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.

Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

a4cf0dc4437de35fce4860857b64569d092a9b5a

Fixed

c19fea2527cd34d6232a2bbb40c37a6273987d10

Affected versions

v1.*

v1.13.0

v1.13.1

v1.13.10

v1.13.11

v1.13.2

v1.13.3

v1.13.4

v1.13.5

v1.13.6

v1.13.7

v1.13.8

v1.13.9