GO-2023-2399
- Source
- https://pkg.go.dev/vuln/GO-2023-2399
- Import Source
- https://vuln.go.dev/ID/GO-2023-2399.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2023-2399
- Aliases
-
- BIT-vault-2023-6337
- CVE-2023-6337
- GHSA-6p62-6cg9-f5f5
- Published
- 2024-01-03T22:56:19Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Denial of service via memory exhaustion in github.com/hashicorp/vault
- Details
-
Unauthenticated and authenticated HTTP requests from a client will be attempted to be mapped to memory. Large requests may result in the exhaustion of available memory on the host, which may cause crashes and denial of service.
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-2399" }- References
Affected packages
Go / github.com/hashicorp/vault
Package
- Name
- github.com/hashicorp/vault
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/vault
Affected ranges
- Type
- SEMVER
- Events
-
Introduced1.12.0Fixed1.13.12Introduced1.14.0Fixed1.14.8Introduced1.15.0Fixed1.15.4
Ecosystem specific
{
"imports": [
{
"path": "github.com/hashicorp/vault/helper/forwarding",
"symbols": [
"GenerateForwardedHTTPRequest",
"GenerateForwardedRequest"
]
},
{
"path": "github.com/hashicorp/vault/http",
"symbols": [
"HandlerAnchor.Handler",
"TestServer",
"TestServerWithListener",
"TestServerWithListenerAndProperties",
"handler",
"parseFormRequest",
"parseJSONRequest",
"rateLimitQuotaWrapping",
"wrapGenericHandler"
]
},
{
"path": "github.com/hashicorp/vault/vault",
"symbols": [
"Core.DetermineRoleFromLoginRequest",
"Core.DetermineRoleFromLoginRequestFromBytes",
"Core.ForwardRequest",
"Core.HandleRequest",
"NewSystemBackend",
"NewTestCluster",
"SystemBackend.handleStorageRaftSnapshotWrite",
"TestCluster.InitCores",
"TestCoreUnsealed",
"TestCoreUnsealedRaw",
"TestCoreUnsealedWithConfig",
"TestCoreUnsealedWithMetrics",
"TestCoreWithCustomResponseHeaderAndUI"
]
}
]
}