CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 17.0%
HashiCorp Vault is vulnerable to Denial of Service. The vulnerability is caused by an unbounded memory copy operation during the processing of inbound HTTP requests. This could lead to memory exhaustion on the host when handling large unauthenticated and authenticated HTTP requests from a client.
discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741
github.com/advisories/GHSA-6p62-6cg9-f5f5
github.com/hashicorp/vault/commit/446f213c47cabf47d52d065647ef666ce4bf8692
github.com/hashicorp/vault/commit/9b61934559ba31150860e618cf18e816cbddc630
github.com/hashicorp/vault/commit/c19fea2527cd34d6232a2bbb40c37a6273987d10
security.netapp.com/advisory/ntap-20240112-0006/