CVE-2023-6337 - OpenCVE

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hashicorp	Vault

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault::::::::
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*

No data.

References

Link	Providers
https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741
https://nvd.nist.gov/vuln/detail/CVE-2023-6337
https://security.netapp.com/advisory/ntap-20240112-0006/
https://www.cve.org/CVERecord?id=CVE-2023-6337

History

No history.

MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-12-08T21:12:31.712Z

Updated: 2024-08-02T08:28:21.284Z

Reserved: 2023-11-27T18:55:16.606Z

Link: CVE-2023-6337

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-08T22:15:07.713

Modified: 2024-01-12T14:15:48.907

Link: CVE-2023-6337

Redhat

Severity : Moderate

Publid Date: 2023-12-08T00:00:00Z

Links: CVE-2023-6337 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6337", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2023-11-27T18:55:16.606Z", "datePublished": "2023-12-08T21:12:31.712Z", "dateUpdated": "2024-08-02T08:28:21.284Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2023-12-08T21:12:31.712Z"}, "title": "Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "affected": [{"vendor": "HashiCorp", "product": "Vault", "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit"], "repo": "https://github.com/hashicorp/vault", "versions": [{"status": "affected", "version": "1.12.0", "lessThan": "1.15.4", "changes": [{"at": "1.14.8", "status": "unaffected"}, {"at": "1.13.2", "status": "unaffected"}], "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "HashiCorp", "product": "Vault Enterprise", "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit"], "versions": [{"status": "affected", "version": "1.12.0", "lessThan": "1.15.4", "changes": [{"at": "1.14.8", "status": "unaffected"}, {"at": "1.13.2", "status": "unaffected"}], "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12.\n\n", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span style=\"background-color: transparent;\">HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.<br><br>Fixed in <span style=\"background-color: transparent;\">Vault 1.15.4, 1.14.8, 1.13.12.</span><br></span><br>"}]}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741"}, {"url": "https://security.netapp.com/advisory/ntap-20240112-0006/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"advisory": "HCSEC-2023-34", "discovery": "USER"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:21.284Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240112-0006/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "279420C4-177B-42B2-A4D9-6E9EDA3F1D0E", "versionEndIncluding": "1.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B0DB3723-28B2-48CB-9027-9A3AE4C650BD", "versionEndIncluding": "1.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCBF4C08-0C81-46C1-B9C6-843E07C78E34", "versionEndExcluding": "1.13.12", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F1B50279-B5C2-442A-AA6B-55DDD19ED8F5", "versionEndExcluding": "1.13.12", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "885CF0FC-A707-4E8F-BCA8-45BC83FC06EE", "versionEndExcluding": "1.14.8", "versionStartIncluding": "1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D1BCB828-CA09-433F-96C3-4653B565DF1F", "versionEndExcluding": "1.14.8", "versionStartIncluding": "1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "89F657D5-0195-4A10-80B3-C12ACFFA5B0E", "versionEndExcluding": "1.15.4", "versionStartIncluding": "1.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CB94C54C-E891-47FD-8695-DFE0652F0E30", "versionEndExcluding": "1.15.4", "versionStartIncluding": "1.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12.\n\n"}, {"lang": "es", "value": "HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegaci\u00f3n de servicio debido al agotamiento de la memoria del host cuando se manejan grandes solicitudes HTTP autenticadas y no autenticadas de un cliente. Vault intentar\u00e1 asignar la solicitud a la memoria, lo que provocar\u00e1 que se agote la memoria disponible en el host, lo que puede provocar que Vault falle. Corregido en Vault 1.15.4, 1.14.8, 1.13.12."}], "id": "CVE-2023-6337", "lastModified": "2024-01-12T14:15:48.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2023-12-08T22:15:07.713", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741"}, {"source": "security@hashicorp.com", "url": "https://security.netapp.com/advisory/ntap-20240112-0006/"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"bugzilla": {"description": "hashicorp-vault: denial of service through memory exhaustion", "id": "2253848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253848"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12.", "A flaw was found in HashiCorp Vault and Vault Enterprise 1.12.0. When handling large HTTP requests from a client, Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash."], "name": "CVE-2023-6337", "package_state": [{"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Not affected", "package_name": "rhint-camel-spring-boot", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "mcg", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2023-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6337\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6337"], "threat_severity": "Moderate", "upstream_fix": "hashicorp-vault 1.15.4, hashicorp-vault 1.14.8, hashicorp-vault 1.13.12"}