logo

Database

Improper resource allocation In github.com/hashicorp/vault

Description

HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-59542. NVD-2023-59543. OSV-2023-59544. GCVE-2023-5954

References

1. https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/599262. https://security.netapp.com/advisory/ntap-20231227-0001

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.