Denial Of Service (DoS)

Vault is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of complex JSON payloads caused by a regression that processes JSON requests before applying rate limits, which allows an attacker to exhaust resources and cause a denial of service...

Allocation of Resources Without Limits or Throttling

Overview github.com/hashicorp/vault/command is a tool for secrets management, encryption as a service, and privileged access management. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP...

HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...