GHSA-4qhc-v8r6-8vwm

Source
https://github.com/advisories/GHSA-4qhc-v8r6-8vwm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-4qhc-v8r6-8vwm/GHSA-4qhc-v8r6-8vwm.json
Aliases
Published
2023-11-09T21:30:39Z
Modified
2023-11-17T22:01:34Z
Summary
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
Details

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

References

Affected packages

Go / github.com/hashicorp/vault

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.13.10

Go / github.com/hashicorp/vault

Affected ranges

Type
SEMVER
Events
Introduced
1.14.0
Fixed
1.14.6

Go / github.com/hashicorp/vault

Affected ranges

Type
SEMVER
Events
Introduced
1.15.0
Fixed
1.15.2