GO-2023-2399
- Source
- https://pkg.go.dev/vuln/GO-2023-2399
- Import Source
- https://vuln.go.dev/ID/GO-2023-2399.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2023-2399
- Aliases
- Published
- 2024-01-03T22:56:19Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Denial of service via memory exhaustion in github.com/hashicorp/vault
- Details
-
Unauthenticated and authenticated HTTP requests from a client will be attempted to be mapped to memory. Large requests may result in the exhaustion of available memory on the host, which may cause crashes and denial of service.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2023-2399", "review_status": "REVIEWED" }- References
Affected packages
Go / github.com/hashicorp/vault
Package
- Name
- github.com/hashicorp/vault
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/vault
Affected ranges
- Type
- SEMVER
- Events
-
Introduced1.12.0Fixed1.13.12Introduced1.14.0Fixed1.14.8Introduced1.15.0Fixed1.15.4
Ecosystem specific
{
"imports": [
{
"symbols": [
"GenerateForwardedHTTPRequest",
"GenerateForwardedRequest"
],
"path": "github.com/hashicorp/vault/helper/forwarding"
},
{
"symbols": [
"HandlerAnchor.Handler",
"TestServer",
"TestServerWithListener",
"TestServerWithListenerAndProperties",
"handler",
"parseFormRequest",
"parseJSONRequest",
"rateLimitQuotaWrapping",
"wrapGenericHandler"
],
"path": "github.com/hashicorp/vault/http"
},
{
"symbols": [
"Core.DetermineRoleFromLoginRequest",
"Core.DetermineRoleFromLoginRequestFromBytes",
"Core.ForwardRequest",
"Core.HandleRequest",
"NewSystemBackend",
"NewTestCluster",
"SystemBackend.handleStorageRaftSnapshotWrite",
"TestCluster.InitCores",
"TestCoreUnsealed",
"TestCoreUnsealedRaw",
"TestCoreUnsealedWithConfig",
"TestCoreUnsealedWithMetrics",
"TestCoreWithCustomResponseHeaderAndUI"
],
"path": "github.com/hashicorp/vault/vault"
}
]
}