CVE-2023-6337

Published: 08 Dec 2023
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

A flaw was found in HashiCorp Vault and Vault Enterprise 1.12.0. When handling large HTTP requests from a client, Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.

Report

Red Hat is not affected by this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Pipelines | openshift-pipelines-client | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 4 | rhint-camel-spring-boot | Not affected | | |
| Red Hat Openshift Data Foundation 4 | mcg | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/mcg-cli-rhel9 | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/ocs-rhel9-operator | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/odf-rhel8-operator | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-770
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2253848 (hashicorp-vault: denial of service through memory exhaustion)

EPSS: 0.00719 (Low), percentile: 71%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
more than 1 year ago

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

CVSS3: 7.5
msrc
10 months ago

No description available

CVSS3: 7.5
github
more than 1 year ago

Memory exhaustion in HashiCorp Vault

CVSS3: 7.5
fstec
more than 1 year ago

Vulnerability in the max_request_duration component of the HashiCorp Vault and Vault Enterprise platforms for archiving corporate information, allowing an attacker to cause a denial of service

CVSS3: 8.1
redos
11 months ago

Multiple vulnerabilities in vault
