Lucene search
Veracode Vulnerability DatabaseVERACODE:33404HistoryDec 20, 2021 - 12:38 p.m.
Denial Of Service (DoS)
2021-12-2012:38:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
43.8%
github.com/hashicorp/vault is vulnerable to denial of service. The vulnerability exists input function of raft.go because the entry key size is never checked with the max key size which leads to an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/vault | le | v1.9.0 | |
| github.com/hashicorp/vault | le | v1.9.0 |
References
discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157
github.com/hashicorp/vault/commit/231b56503684356c6e15245f9382b8d0b8c42091
github.com/hashicorp/vault/commit/7c65db6bc53b2f9fff15c5134656ee3b2c5c6d0e
github.com/hashicorp/vault/issues/13281
github.com/hashicorp/vault/pull/13282
github.com/hashicorp/vault/pull/13286
security.gentoo.org/glsa/202207-01
www.hashicorp.com/blog/category/vault
Related
osv
osv
CVE-2021-45042
2021-12-17 14:15:07
BIT-vault-2021-45042
2024-03-06 11:10:18
nvd
nvd
CVE-2021-45042
2021-12-17 14:15:07
redhatcve
redhatcve
CVE-2021-45042
2021-12-22 14:07:22
cve
cve
CVE-2021-45042
2021-12-17 14:15:07
prion
prion
Denial of service
2021-12-17 14:15:00
cvelist
cvelist
CVE-2021-45042
2021-12-17 13:38:51
gentoo
gentoo
HashiCorp Vault: Multiple Vulnerabilities
2022-07-29 00:00:00
nessus
nessus
GLSA-202207-01 : HashiCorp Vault: Multiple Vulnerabilities
2022-08-02 00:00:00