github.com/hashicorp/vault is vulnerable to denial of service. The vulnerability exists input
function of raft.go
because the entry key size is never checked with the max key size which leads to an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/hashicorp/vault | le | v1.9.0 | |
github.com/hashicorp/vault | le | v1.9.0 |
discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157
github.com/hashicorp/vault/commit/231b56503684356c6e15245f9382b8d0b8c42091
github.com/hashicorp/vault/commit/7c65db6bc53b2f9fff15c5134656ee3b2c5c6d0e
github.com/hashicorp/vault/issues/13281
github.com/hashicorp/vault/pull/13282
github.com/hashicorp/vault/pull/13286
security.gentoo.org/glsa/202207-01
www.hashicorp.com/blog/category/vault