CVE-2023-6337
Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
Public Exploits: 0
Exploited in Wild: -
Descriptions
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.
Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
Timeline
- 2023-11-27 CVE Reserved
- 2023-12-08 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-07 EPSS Updated
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
- CAPEC-130: Excessive Allocation
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Hashicorp | Vault | <= 1.12.0 | - | Affected
Hashicorp | Vault | <= 1.12.0 | enterprise | Affected
Hashicorp | Vault | >= 1.13.0 < 1.13.12 | - | Affected
Hashicorp | Vault | >= 1.13.0 < 1.13.12 | enterprise | Affected
Hashicorp | Vault | >= 1.14.0 < 1.14.8 | - | Affected
Hashicorp | Vault | >= 1.14.0 < 1.14.8 | enterprise | Affected
Hashicorp | Vault | >= 1.15.0 < 1.15.4 | - | Affected
Hashicorp | Vault | >= 1.15.0 < 1.15.4 | enterprise | Affected