High severity · NVD Advisory · Published Nov 9, 2023 · Updated Feb 13, 2025
Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
CVE-2023-5954
Description
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/hashicorp/vault (Go) | < 1.13.10 | 1.13.10 |
| github.com/hashicorp/vault (Go) | >= 1.14.0, < 1.14.6 | 1.14.6 |
| github.com/hashicorp/vault (Go) | >= 1.15.0, < 1.15.2 | 1.15.2 |
Affected products
- osv-coords (20 versions):
| Package | CPE | Range |
|---|---|---|
| pkg:apk/chainguard/k3d | (no CPE) | < 5.6.0-r11 |
| pkg:apk/chainguard/k3d-proxy | (no CPE) | < 5.6.0-r11 |
| pkg:apk/chainguard/k3d-tools | (no CPE) | < 5.6.0-r11 |
| pkg:apk/chainguard/vault-1.14 | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-1.14-compat | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-1.14-entrypoint | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-1.16 | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-1.16-compat | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-fips-1.14 | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-fips-1.14-compat | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-fips-1.16 | (no CPE) | < 0 |
| pkg:apk/chainguard/vault-fips-1.16-compat | (no CPE) | < 0 |
| pkg:apk/wolfi/k3d | (no CPE) | < 5.6.0-r11 |
| pkg:apk/wolfi/k3d-proxy | (no CPE) | < 5.6.0-r11 |
| pkg:apk/wolfi/k3d-tools | (no CPE) | < 5.6.0-r11 |
| pkg:apk/wolfi/vault-1.14 | (no CPE) | < 0 |
| pkg:apk/wolfi/vault-1.14-compat | (no CPE) | < 0 |
| pkg:apk/wolfi/vault-1.14-entrypoint | (no CPE) | < 0 |
| pkg:bitnami/vault | (no CPE) | >= 1.13.7, < 1.13.10 |
| pkg:golang/github.com/hashicorp/vault | (no CPE) | < 1.13.10 |
- Range: 1.15.0
References
- github.com/advisories/GHSA-4qhc-v8r6-8vwm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-5954 (ghsa, ADVISORY)
- discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20231227-0001 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20231227-0001/ (mitre)