CVE-2024-8185
Published 2024-10-31
CVE-2024-8185: Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through…
Priority: P3 · 42 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.48% (37.8th percentile)
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion via a Raft cluster join API endpoint. An attacker may send a large volume of requests to the endpoint, which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.
This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.2.0 < 1.18.1 | 1.18.1 |
| github.com | openbao_openbao | >= 0 < 2.0.3 | 2.0.3 |
| hashicorp | vault | — | — |
| hashicorp | vault | >= 1.17.0 < 1.17.8 | 1.17.8 |
| hashicorp | vault | >= 1.2.0 < 1.16.12 | 1.16.12 |
| hashicorp | vault | >= 1.2.0 < 1.18.1 | 1.18.1 |
| hashicorp | vault_enterprise | >= 1.2.0 < 1.18.1 | 1.18.1 |
| openbao | openbao | < 2.0.3 | 2.0.3 |
CVSS provenance
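| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |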
OSV
Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
osv·2024-11-01
CVE-2024-8185 Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
OSV
Hashicorp Vault vulnerable to denial of service through memory exhaustion
osv·2024-10-31·CVSS 7.5
CVE-2024-8185 [HIGH] Hashicorp Vault vulnerable to denial of service through memory exhaustion
GHSA
Hashicorp Vault vulnerable to denial of service through memory exhaustion
ghsa·2024-10-31·CVSS 7.5
CVE-2024-8185 [HIGH] CWE-636 Hashicorp Vault vulnerable to denial of service through memory exhaustion
Red Hat
hashicorp/vault: Vault Vulnerable to Denial of Service When Processing Raft Join Requests
vendor_redhat·2024-10-31·CVSS 7.5
CVE-2024-8185 [HIGH] CWE-636 hashicorp/vault: Vault Vulnerable to Denial of Service When Processing Raft Join Requests
A flaw was found in HashiCorp Vault. Clusters using Vault’s Integrated Storage backend are vulnerable to a denial of service (DoS) attack through memory
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-10-31