Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
CVE-2023-5954
5.9MEDIUM
Summary
A vulnerability in HashiCorp Vault and Vault Enterprise allows inbound client requests that trigger a policy check to lead to unbounded memory consumption. This condition can escalate and result in denial-of-service occurrences, impacting the availability of the service. The vulnerability has been resolved in Vault versions 1.15.2, 1.14.6, and 1.13.10.
Affected Version(s)
Vault Enterprise Windows 1.15.0
Vault Enterprise Windows 1.15.1
Vault Enterprise Windows 1.14.3
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved