CVE-2023-6337
published 2023-12-08

Priority: P3 (39), high
CVSS 3.1: 7.5 high, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (reachable over the network, low attack complexity, no privileges or user interaction needed, impact on availability only)
EPSS: 0.79% (51.7th percentile)
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
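The description names the flaw class: the server buffers an HTTP request body whose size the client controls, so one large request (or many concurrent ones) drives host memory to exhaustion. The Go program below is an added illustration of that class, not Vault's code and not HashiCorp's patch (for Vault the remedy is the version upgrade listed above). It puts the unbounded read next to the usual hardening with `http.MaxBytesReader`. The `maxBodyBytes` cap and the `/v1/example` path are assumptions for the demo, and the request bodies are constructed in memory with `httptest`, so nothing touches the network.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes is the per-request body cap. The value is an assumption for
// this example; size it to the largest legitimate payload the API accepts.
const maxBodyBytes int64 = 1 << 20 // 1 MiB

// unboundedHandler shows the flaw class: it buffers the whole body into
// memory, so the allocation is whatever size the client chooses.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "buffered %d bytes\n", len(body))
}

// boundedHandler wraps the body in http.MaxBytesReader, so at most
// maxBodyBytes are ever read; anything beyond that becomes a 413 instead of
// an attacker-sized allocation.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	body, err := io.ReadAll(r.Body)
	if err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, fmt.Sprintf("request body exceeds %d bytes", tooLarge.Limit),
				http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "accepted %d bytes\n", len(body))
}

// serve runs a handler against an in-memory request (constructed, no
// network) carrying a body of n bytes and returns the HTTP status produced.
func serve(h http.HandlerFunc, n int) int {
	body := strings.NewReader(strings.Repeat("A", n))
	req := httptest.NewRequest(http.MethodPut, "/v1/example", body)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	oversize := int(maxBodyBytes) + 1
	fmt.Printf("unbounded handler, %d-byte body: %d\n", oversize, serve(unboundedHandler, oversize))
	fmt.Printf("bounded handler,   %d-byte body: %d\n", oversize, serve(boundedHandler, oversize))
	fmt.Printf("bounded handler,   %d-byte body: %d\n", 2, serve(boundedHandler, 2))
}
```

The bounded handler stops reading at the cap plus one byte, so the cost of an oversized request is bounded by `maxBodyBytes` regardless of what `Content-Length` or a chunked body claims; the unbounded one allocates as much as the client sends.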

Affected

14 ranges

Vendor | Product | Version range | Fixed in
github.com | hashicorp_vault | >= 1.12.0, < 1.13.12 | 1.13.12
github.com | hashicorp_vault | >= 1.14.0, < 1.14.8 | 1.14.8
github.com | hashicorp_vault | >= 1.15.0, < 1.15.4 | 1.15.4
hashicorp | vault | <= 1.12.0 | (none listed)
hashicorp | vault | >= 1.12.0, < 1.15.4 | 1.15.4
hashicorp | vault | >= 1.13.0, < 1.13.12 | 1.13.12
hashicorp | vault | >= 1.14.0, < 1.14.8 | 1.14.8
hashicorp | vault | >= 1.15.0, < 1.15.4 | 1.15.4
hashicorp | vault_enterprise | >= 1.12.0, < 1.15.4 | 1.15.4
msrc | azl3_cert-manager_1.11.2-8_on_azure_linux_3.0 | (not listed) | (not listed)
msrc | azl3_cert-manager_1.12.12-1_on_azure_linux_3.0 | (not listed) | (not listed)
msrc | azure_linux_3.0_arm | (not listed) | (not listed)
msrc | azure_linux_3.0_x64 | (not listed) | (not listed)
msrc | cbl2_cert-manager_1.11.2-22_on_cbl_mariner_2.0 | (not listed) | (not listed)

The `<= 1.12.0` row carries no fix version and contradicts the description (1.12.0 and newer are affected); use the per-branch ranges when deciding whether a build needs the upgrade. The msrc rows give no version range or fix version here: they are Azure Linux and CBL-Mariner package records rather than Vault server releases, so the fixed package version has to come from the distribution's own advisory.
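As an added example (not from this page and not HashiCorp's tooling), the Go program below encodes the three per-branch ranges from the table and reports whether a given Vault build is affected and which release on its branch carries the fix. It follows the description rather than the `<= 1.12.0` row, so versions below 1.12.0 are reported unaffected, and anything at or past 1.15.4 is treated as fixed. It accepts `1.15.3`, `v1.15.3`, `1.15.3+ent` (the Enterprise build suffix) or the first line of `vault version` output; pre-release and build metadata are dropped, which is a simplification (`1.15.4-rc1` compares as 1.15.4). The sample version strings are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// semver holds the numeric core of a Vault release version.
type semver struct{ major, minor, patch int }

// parseVaultVersion accepts "1.15.3", "v1.15.3", "1.15.3+ent" or the first
// line of `vault version` output such as "Vault v1.15.3 (sha), built ...".
// Pre-release and build metadata after '-' or '+' are discarded, so
// "1.15.4-rc1" is treated as 1.15.4 (a simplification).
func parseVaultVersion(s string) (semver, error) {
	s = strings.TrimSpace(s)
	s = strings.TrimPrefix(s, "Vault ")
	if i := strings.IndexByte(s, ' '); i >= 0 {
		s = s[:i]
	}
	s = strings.TrimPrefix(s, "v")
	if i := strings.IndexAny(s, "+-"); i >= 0 {
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return semver{}, fmt.Errorf("unrecognised version %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return semver{}, fmt.Errorf("unrecognised version %q", s)
		}
		n[i] = v
	}
	return semver{n[0], n[1], n[2]}, nil
}

// less is strict semver ordering on the numeric core.
func (a semver) less(b semver) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	return a.patch < b.patch
}

// affectedRange is one per-branch row of the advisory: from <= v < to.
type affectedRange struct {
	from, to semver
	fixedIn  string
}

// cve20236337 is the advisory's affected table; the 1.12.x branch has no
// patch release of its own and upgrades to 1.13.12.
var cve20236337 = []affectedRange{
	{semver{1, 12, 0}, semver{1, 13, 12}, "1.13.12"},
	{semver{1, 14, 0}, semver{1, 14, 8}, "1.14.8"},
	{semver{1, 15, 0}, semver{1, 15, 4}, "1.15.4"},
}

// checkCVE20236337 reports whether the version is affected and the earliest
// release on its branch that carries the fix.
func checkCVE20236337(version string) (affected bool, fixedIn string, err error) {
	v, err := parseVaultVersion(version)
	if err != nil {
		return false, "", err
	}
	for _, r := range cve20236337 {
		if !v.less(r.from) && v.less(r.to) {
			return true, r.fixedIn, nil
		}
	}
	return false, "", nil
}

func main() {
	// Constructed sample inputs, including a `vault version` style line.
	for _, s := range []string{
		"Vault v1.15.3+ent (deadbeef), built 2023-11-22T00:00:00Z",
		"1.13.12", "1.14.7", "1.12.5", "1.11.9", "1.16.0", "banana",
	} {
		affected, fixedIn, err := checkCVE20236337(s)
		switch {
		case err != nil:
			fmt.Printf("%-58q error: %v\n", s, err)
		case affected:
			fmt.Printf("%-58q AFFECTED, upgrade to %s\n", s, fixedIn)
		default:
			fmt.Printf("%-58q not affected\n", s)
		}
	}
}
```

Run it against the output of `vault version` on each node (or the version field from `vault status -format=json`) to get a fleet-wide answer; a build already at the branch's fix version, such as 1.13.12, falls outside every range and is reported clean.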

CVSS provenance

Source | Version | Score | Vector
nvd | v3.1 | 7.5 HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc | (not listed) | 7.5 HIGH | (not listed)
vendor_redhat | (not listed) | 7.5 HIGH | (not listed)