x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6p62-6cg9-f5f5 #2399

GoVulnBot · 2023-12-12T01:01:24Z

In GitHub Security Advisory GHSA-6p62-6cg9-f5f5, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/vault	1.13.12	>= 1.12.0, < 1.13.12

Cross references:

Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-362v-wg5p-64w2 #578 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-c5wc-v287-82pc #590 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-pfmw-vj74-ph8g #611 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-qv95-g3gm-x542 #618 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-23fq-q7hc-993r #620 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-38j9-7pp9-2hjw #623 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6239-28c2-9mrm, CVE-2021-38554 #632 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault/command: GHSA-25xj-89g5-fm6h #778 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9vh5-r4qw-v3vv #816 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-fp52-qw33-mfmw #825 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-7cgv-v83v-rr87 #1021 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-v3hp-mcj5-pg39 #1685 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-hwc3-3qh6-r4gg #1708 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-gq98-53rq-qr5h #1849 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9mh8-9j64-443f #1897 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-wmg5-g953-qqfw #1900 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9v3w-w2jh-4hff #1986 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-v84f-6r39-cpfc #2063 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-86c6-3g63-5w64 #2088 NOT_IMPORTABLE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-4qhc-v8r6-8vwm #2329 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-vq4h-9ghm-qmrr #1709

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hashicorp/vault
      versions:
        - introduced: 1.12.0
          fixed: 1.13.12
      vulnerable_at: 1.13.11
      packages:
        - package: github.com/hashicorp/vault
    - module: github.com/hashicorp/vault
      versions:
        - introduced: 1.14.0
          fixed: 1.14.8
      vulnerable_at: 1.14.7
      packages:
        - package: github.com/hashicorp/vault
    - module: github.com/hashicorp/vault
      versions:
        - introduced: 1.15.0
          fixed: 1.15.4
      vulnerable_at: 1.15.3
      packages:
        - package: github.com/hashicorp/vault
summary: Memory exhaustion in HashiCorp Vault
cves:
    - CVE-2023-6337
ghsas:
    - GHSA-6p62-6cg9-f5f5
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-6337
    - web: https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741
    - advisory: https://github.com/advisories/GHSA-6p62-6cg9-f5f5

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-12-20T22:37:17Z

Change https://go.dev/cl/551996 mentions this issue: data/reports: add GO-2023-2399.yaml

timothy-king self-assigned this Dec 14, 2023

timothy-king added the NeedsInvestigation label Dec 14, 2023

timothy-king added NeedsReport and removed NeedsInvestigation labels Dec 20, 2023

gopherbot closed this as completed in e7ffd94 Jan 3, 2024

GoVulnBot mentioned this issue Mar 6, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-r3w7-mfpm-c2vw #2617

Closed

GoVulnBot mentioned this issue Apr 4, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-j2rp-gmqv-frhv #2690

Closed

GoVulnBot mentioned this issue Jun 12, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-32cj-5wx4-gq8p #2921

Closed

GoVulnBot mentioned this issue Jul 12, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-2qmw-pvf7-4mw6 #2982

Closed

GoVulnBot mentioned this issue Sep 3, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-jjxf-26c9-77gm #3113

Closed

GoVulnBot mentioned this issue Sep 26, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-jg74-mwgw-v6x3 #3162

Closed

GoVulnBot mentioned this issue Oct 10, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-rr8j-7w34-xp5j #3191

Closed

GoVulnBot mentioned this issue Oct 31, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-g233-2p4r-3q7v #3246

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6p62-6cg9-f5f5 #2399

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6p62-6cg9-f5f5 #2399

GoVulnBot commented Dec 12, 2023

gopherbot commented Dec 20, 2023

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6p62-6cg9-f5f5 #2399

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6p62-6cg9-f5f5 #2399

Comments

GoVulnBot commented Dec 12, 2023

gopherbot commented Dec 20, 2023