Описание
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
A flaw was found in The HashiCorp Vault, which may be susceptible to a denial of service due to an unbounded consumption of memory when handling policy requests. This issue may allow an attacker to trigger policy checks by sending multiple inbound client requests that create a logger that is never removed from memory, leading to excessive memory consumption, causing a denial of service condition.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Openshift Data Foundation 4 | odf4/ocs-rhel9-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/odf-multicluster-rhel9-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/odf-rhel8-operator | Will not fix | ||
| Red Hat Openshift Data Foundation 4 | odf4/odr-rhel8-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/rook-ceph-rhel8-operator | Not affected | ||
| Red Hat OpenShift Container Platform 4.17 | openshift4/ose-installer-rhel9 | Fixed | RHSA-2024:3718 | 01.10.2024 |
| RHODF-4.15-RHEL-9 | odf4/mcg-rhel9-operator | Fixed | RHSA-2024:1383 | 19.03.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с ошибками освобождения памяти, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.9 Medium
CVSS3