VYPR
High severityNVD Advisory· Published Nov 9, 2023· Updated Feb 13, 2025

Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption

CVE-2023-5954

Description

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vaultGo
< 1.13.101.13.10
github.com/hashicorp/vaultGo
>= 1.14.0, < 1.14.61.14.6
github.com/hashicorp/vaultGo
>= 1.15.0, < 1.15.21.15.2

Affected products

22

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.