HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in go/github.com/hashicorp/vault
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
All versions before 1.13.10, all versions starting from 1.14.0 before 1.14.6, all versions starting from 1.15.0 before 1.15.2
Upgrade to versions 1.13.10, 1.14.6, 1.15.2 or above.