CVE-2023-5954

HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in go/github.com/hashicorp/vault

Identifiers

GHSA-4qhc-v8r6-8vwm, CVE-2023-5954

Package Slug

go/github.com/hashicorp/vault

Vulnerability

HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability

Description

In HashiCorp Vault and Vault Enterprise, inbound client requests that trigger a policy check can lead to unbounded memory consumption. A large number of these requests may lead to denial of service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

Affected Versions

All versions before 1.13.10, all versions starting from 1.14.0 before 1.14.6, all versions starting from 1.15.0 before 1.15.2

Solution

Upgrade to versions 1.13.10, 1.14.6, 1.15.2 or above.

Last Modified

2023-11-10
