Vulnerability Report: GO-2023-2399
- CVE-2023-6337, GHSA-6p62-6cg9-f5f5
- Affects: github.com/hashicorp/vault
- Published: Jan 03, 2024
- Modified: May 20, 2024
Vault attempts to map unauthenticated and authenticated HTTP requests from a client into memory. Large requests may exhaust the available memory on the host, which may cause crashes and denial of service.
For detailed information about this vulnerability, visit https://nvd.nist.gov/vuln/detail/CVE-2023-6337.
Affected Packages
Path | Go Versions | Symbols
- from v1.12.0 before v1.13.12, from v1.14.0 before v1.14.8, from v1.15.0 before v1.15.4
- from v1.12.0 before v1.13.12, from v1.14.0 before v1.14.8, from v1.15.0 before v1.15.4
- from v1.12.0 before v1.13.12, from v1.14.0 before v1.14.8, from v1.15.0 before v1.15.4
12 affected symbols
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6337
- https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741
- https://github.com/hashicorp/vault/pull/24354
- https://vuln.go.dev/ID/GO-2023-2399.json