HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
History

Wed, 02 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4.17::el9
Vendors & Products Redhat openshift

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-11-09T20:13:49.346Z

Updated: 2024-08-02T08:14:25.126Z

Reserved: 2023-11-03T16:18:00.469Z

Link: CVE-2023-5954

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-09T21:15:25.143

Modified: 2024-11-21T08:42:51.270

Link: CVE-2023-5954

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-09T00:00:00Z

Links: CVE-2023-5954 - Bugzilla