CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score Confidence: High
EPSS Percentile: 17.0%
github.com/hashicorp/vault is vulnerable to Denial of Service (DoS). A memory leak allows an attacker to cause a denial of service against a vulnerable Vault instance by sending a large number of malicious client requests. The malicious requests cause Vault to consume all of the available memory and crash.
bugzilla.redhat.com/show_bug.cgi?id=2249115
discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926
github.com/advisories/GHSA-4qhc-v8r6-8vwm
github.com/hashicorp/vault/commit/96f5e64b83a14156e1ca5c2dad391d08b7044a3a
github.com/hashicorp/vault/commit/e8ebe6b5651705359111cc3f7aefedd203fde959
github.com/hashicorp/vault/commit/ec9c9053a4e59800ff67610257a3b0229ddf06cf
security.netapp.com/advisory/ntap-20231227-0001/