CVE-2023-5954
published 2023-11-09


Priority: P3 (37), high
CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.72% (49.2nd percentile)
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

Affected

24 ranges

Vendor        | Product           | Version range                              | Fixed in
github.com    | hashicorp_vault   | >= 0 < 1.13.10                             | 1.13.10
github.com    | hashicorp_vault   | >= 1.14.0 < 1.14.6                         | 1.14.6
github.com    | hashicorp_vault   | >= 1.15.0 < 1.15.2                         | 1.15.2
hashicorp     | vault             |                                            |
hashicorp     | vault             |                                            |
hashicorp     | vault             |                                            |
hashicorp     | vault             |                                            |
hashicorp     | vault             |                                            |
hashicorp     | vault             |                                            |
hashicorp     | vault             |                                            |
hashicorp     | vault             |                                            |
hashicorp     | vault             | >= 1.13.7 < 1.13.10                        | 1.13.10
hashicorp     | vault             | >= 1.14.3 < 1.14.6                         | 1.14.6
hashicorp     | vault             | >= 1.15.0 < 1.15.2                         | 1.15.2
hashicorp     | vault_enterprise  |                                            |
hashicorp     | vault_enterprise  |                                            |
hashicorp     | vault_enterprise  |                                            |
hashicorp     | vault_enterprise  |                                            |
hashicorp     | vault_enterprise  |                                            |
hashicorp     | vault_enterprise  |                                            |
hashicorp     | vault_enterprise  |                                            |
hashicorp     | vault_enterprise  |                                            |
mozilla       | firefox           | >= 0 < 111.0.1+build2-0ubuntu0.18.04.1     | 111.0.1+build2-0ubuntu0.18.04.1
mozilla       | firefox           | >= 0 < 111.0.1+build2-0ubuntu0.20.04.1     | 111.0.1+build2-0ubuntu0.20.04.1

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv           |         | 4.3   | MEDIUM   |
vendor_redhat |         | 5.9   | MEDIUM   |