Vulnerabilities > CVE-2023-5954 - Memory Leak vulnerability in Hashicorp Vault
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
Common Weakness Enumeration (CWE)
References
- https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926
- https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926
- https://security.netapp.com/advisory/ntap-20231227-0001/
- https://security.netapp.com/advisory/ntap-20231227-0001/