CVE-2023-6337

Published: 08 Dec 2023
Source: redhat
CVSS3: 7.5

Description

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

A flaw was found in HashiCorp Vault and Vault Enterprise 1.12.0. When handling large HTTP requests from a client, Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.

Report

Red Hat is not affected by this vulnerability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| OpenShift Pipelines | openshift-pipelines-client | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 4 | rhint-camel-spring-boot | Not affected | | |
| Red Hat Openshift Data Foundation 4 | mcg | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/mcg-cli-rhel9 | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/ocs-rhel9-operator | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/odf-rhel8-operator | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2253848 hashicorp-vault: denial of service through memory exhaustion

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
about 2 years ago

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

CVSS3: 7.5
msrc
more than 1 year ago

No description available

CVSS3: 7.5
github
about 2 years ago

Memory exhaustion in HashiCorp Vault

CVSS3: 7.5
fstec
about 2 years ago

Vulnerability in the max_request_duration component of the HashiCorp Vault and Vault Enterprise platforms for archiving corporate information, allowing an attacker to cause a denial of service

CVSS3: 8.1
redos
more than 1 year ago

Multiple vulnerabilities in vault
