CVE-2023-5954

ADVISORY - github

Summary

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

EPSS Score⁠: 0.00371 (0.583)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-401⁠

Missing Release of Memory after Effective Lifetime

ADVISORY - github

CWE-401⁠

Missing Release of Memory after Effective Lifetime

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-401⁠

Missing Release of Memory after Effective Lifetime

Impacted images

Advisories

NIST

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-5954⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-401⁠

CVSS SCORE

5.9medium

GitHub

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-4qhc-v8r6-8vwm⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-401⁠

CVSS SCORE

7.5high

GoLang

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDGO-2023-2329⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2023-5954

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-937⁠

RATING UNAVAILABLE FROM ADVISORY

Bitnami

CREATED

2 years ago

UPDATED

6 months ago

ADVISORY ID

BIT-vault-2023-5954

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Red Hat

CREATED

2 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2023-5954⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-401⁠

CVSS SCORE

5.9medium

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-32p2-xw98-2447

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-398w-j583-p8jw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-3rh5-7fx9-w6cf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-q242-2q7p-8996

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-qfmf-mv8g-2mv9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY