CVE-2023-6337

CVSS V2 None CVSS V3 None

Description

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

Overview

CVE ID
CVE-2023-6337

Assigner
HashiCorp

Vulnerability Status
PUBLISHED

Published Version
2023-12-08T21:12:31.712Z

Last Modified Date
2023-12-08T21:12:31.712Z

Weakness Enumerations

CWE	URL
CWE-770	http://cwe.mitre.org/data/definitions/770.html

References

Reference URL	Reference Tags
https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741
https://security.netapp.com/advisory/ntap-20240112-0006/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6337
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6337

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 06:22:53				Added to TrackCVE