Lucene search

[email protected]CVE-2023-5954

HistoryNov 09, 2023 - 9:15 p.m.

CVE-2023-5954

2023-11-0921:15:25

CWE-401

[email protected]

web.nvd.nist.gov

386

hashicorp

vault

vault enterprise

cve-2023-5954

memory consumption

denial-of-service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

Affected configurations

NVD

Node

hashicorpvaultRange1.13.7–1.13.10-

hashicorpvaultRange1.13.7–1.13.10enterprise

hashicorpvaultRange1.14.3–1.14.6-

hashicorpvaultRange1.14.3–1.14.6enterprise

hashicorpvaultRange1.15.0–1.15.2-

hashicorpvaultRange1.15.0–1.15.2enterprise

CPENameOperatorVersion
hashicorp:vaulthashicorp vaultlt1.13.10
hashicorp:vaulthashicorp vaultlt1.14.6
hashicorp:vaulthashicorp vaultlt1.15.2

CPE	Name	Operator	Version
hashicorp:vault	hashicorp vault	lt	1.13.10
hashicorp:vault	hashicorp vault	lt	1.14.6
hashicorp:vault	hashicorp vault	lt	1.15.2

CNA Affected

[
  {
    "vendor": "HashiCorp",
    "product": "Vault",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "x86",
      "ARM",
      "64 bit",
      "32 bit"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.15.0"
      },
      {
        "status": "affected",
        "version": "1.15.1"
      },
      {
        "status": "affected",
        "version": "1.14.3"
      },
      {
        "status": "affected",
        "version": "1.14.4"
      },
      {
        "status": "affected",
        "version": "1.14.5"
      },
      {
        "status": "affected",
        "version": "1.13.7"
      },
      {
        "status": "affected",
        "version": "1.13.8"
      },
      {
        "status": "affected",
        "version": "1.13.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "HashiCorp",
    "product": "Vault Enterprise",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "x86",
      "ARM",
      "64 bit",
      "32 bit"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.15.0"
      },
      {
        "status": "affected",
        "version": "1.15.1"
      },
      {
        "status": "affected",
        "version": "1.14.3"
      },
      {
        "status": "affected",
        "version": "1.14.4"
      },
      {
        "status": "affected",
        "version": "1.14.5"
      },
      {
        "status": "affected",
        "version": "1.13.7"
      },
      {
        "status": "affected",
        "version": "1.13.8"
      },
      {
        "status": "affected",
        "version": "1.13.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]