Description
A malicious user may submit a specially crafted complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption by Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server becoming unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
A denial of service flaw has been discovered in HashiCorp's Vault secret storage project. A malicious user may submit a specially crafted complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption by Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server becoming unresponsive.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Affected | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Affected | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Affected | ||
| external secrets operator for Red Hat OpenShift - Tech Preview | external-secrets-operator/external-secrets-operator-rhel9 | Affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/mcg-cli-rhel9 | Affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Affected | ||
| Red Hat Trusted Artifact Signer | rhtas/client-server-rhel9 | Affected | ||
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
A malicious user may submit a specially crafted complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption by Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server becoming unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads
A vulnerability in the audit subroutine of the Vault Enterprise and Vault Community Edition platforms for archiving corporate information, related to unrestricted resource allocation, that allows an attacker to cause a denial of service
5.3 Medium
CVSS3