CVE-2023-3774Uncaught Exception in Vault Enterprise

CWE-248Uncaught ExceptionCWE-755Improper Handling of Exceptional ConditionsCWE-703Improper Check or Handling of Exceptional Conditions2 documents2 sources
Severity
4.9MEDIUMNVD
EPSS
0.5%
top 32.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hashicorp Vault EnterpriseHashicorp Vault
Timeline
PublishedJul 28

Description

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5hashicorp/vault_enterprise1.12.8, 1.13.4, 1.14.0+2
NVDhashicorp/vault1.12.8, 1.13.4, 1.14.0+2

🔴Vulnerability Details

1
GHSA
GHSA-7j85-mwfj-2gr8: An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service2023-07-28