CVE-2023-6337

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-6337

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6337.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-6337

Aliases

Downstream

AZL-34585

Published

2023-12-08T21:12:31.712Z

Modified

2026-06-26T03:55:23.499774132Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests

Details

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.

Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6337.json",
    "cwe_ids": [
        "CWE-770"
    ],
    "cna_assigner": "HashiCorp"
}

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/vault

Events

Introduced

558abfa75702b5dab4c98e86b802fb9aef43b0eb

Fixed

9b61934559ba31150860e618cf18e816cbddc630

Database specific

{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "1.15.4"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6337.json"