{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5954", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2023-11-03T16:18:00.469Z", "datePublished": "2023-11-09T20:13:49.346Z", "dateUpdated": "2024-08-02T08:14:25.126Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2023-11-09T20:13:49.346Z"}, "title": "Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "type": "CWE"}]}], "affected": [{"vendor": "HashiCorp", "product": "Vault", "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit"], "versions": [{"status": "affected", "version": "1.15.0"}, {"status": "affected", "version": "1.15.1"}, {"status": "affected", "version": "1.14.3"}, {"status": "affected", "version": "1.14.4"}, {"status": "affected", "version": "1.14.5"}, {"status": "affected", "version": "1.13.7"}, {"status": "affected", "version": "1.13.8"}, {"status": "affected", "version": "1.13.9"}], "defaultStatus": "unaffected"}, {"vendor": "HashiCorp", "product": "Vault Enterprise", "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit"], "versions": [{"status": "affected", "version": "1.15.0"}, {"status": "affected", "version": "1.15.1"}, {"status": "affected", "version": "1.14.3"}, {"status": "affected", "version": "1.14.4"}, {"status": "affected", "version": "1.14.5"}, {"status": "affected", "version": "1.13.7"}, {"status": "affected", "version": "1.13.8"}, {"status": "affected", "version": "1.13.9"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10."}]}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"}, {"url": "https://security.netapp.com/advisory/ntap-20231227-0001/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.126Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231227-0001/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "8265AC92-59E4-4229-87E8-ABAF9E3DAAF3", "versionEndExcluding": "1.13.10", "versionStartIncluding": "1.13.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9FD3EF12-C2C0-4529-B0AB-08B8F238531D", "versionEndExcluding": "1.13.10", "versionStartIncluding": "1.13.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "38120A49-ED14-4C8C-9A0A-BA040D48C4E7", "versionEndExcluding": "1.14.6", "versionStartIncluding": "1.14.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ABC1488F-D1BA-4C98-98E0-DAFE9BE205A1", "versionEndExcluding": "1.14.6", "versionStartIncluding": "1.14.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "1C9C9A12-4062-4968-BE87-1B07A789A7D3", "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2D3F2482-2783-49B2-888B-AC99FEE976EA", "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10."}, {"lang": "es", "value": "Las solicitudes de clientes entrantes de HashiCorp Vault y Vault Enterprise que activan una verificaci\u00f3n de pol\u00edticas pueden provocar un consumo ilimitado de memoria. Un gran n\u00famero de estas solicitudes pueden dar lugar a una denegaci\u00f3n de servicio. Corregido en Vault 1.15.2, 1.14.6 y 1.13.10."}], "id": "CVE-2023-5954", "lastModified": "2023-12-27T15:15:45.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2023-11-09T21:15:25.143", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"}, {"source": "security@hashicorp.com", "url": "https://security.netapp.com/advisory/ntap-20231227-0001/"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3718", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-installer-rhel9:v4.17.0-202409122204.p0.gdfd4c08.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-rhel9-operator:v4.15.0-39", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}], "bugzilla": {"description": "vault: inbound client requests can trigger a denial of service", "id": "2249115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249115"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.", "A flaw was found in The HashiCorp Vault, which may be susceptible to a denial of service due to an unbounded consumption of memory when handling policy requests. This issue may allow an attacker to trigger policy checks by sending multiple inbound client requests that create a logger that is never removed from memory, leading to excessive memory consumption, causing a denial of service condition."], "name": "CVE-2023-5954", "package_state": [{"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-multicluster-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/odf-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odr-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/rook-ceph-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2023-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5954\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5954\nhttps://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"], "threat_severity": "Moderate", "upstream_fix": "Vault 1.15.2, Vault 1.14.6, Vault 1.13.10"}