CVE-2024-8185

Published Oct 31, 2024

Last updated 4 months ago

CVSS high 7.5

Overview

Description
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.
Source
security@hashicorp.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

security@hashicorp.com
CWE-636

Social media

Hype score
Not currently trending

  1. CVE-2024-8185 Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhau… https://t.co/6YXRxwBGAF

    @CVEnew

    31 Oct 2024

    304 Impressions

    2 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References