{"id":"CVE-2023-5954","details":"HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.","aliases":["BIT-vault-2023-5954","GHSA-4qhc-v8r6-8vwm","GO-2023-2329"],"modified":"2026-03-15T14:48:55.554210Z","published":"2023-11-09T21:15:25.143Z","related":["CGA-r754-vx36-9qrf"],"references":[{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231227-0001/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/vault","events":[{"introduced":"895eb72029d83fcefb8a079e056e7024d8dc6020"},{"fixed":"39680359a1c5d78d05679ac94fa4f0944d442581"},{"introduced":"895eb72029d83fcefb8a079e056e7024d8dc6020"},{"fixed":"39680359a1c5d78d05679ac94fa4f0944d442581"},{"introduced":"56debfa71653e72433345f23cd26276bc90629ce"},{"fixed":"5efc0cb9076cd49e80f6789dc978d68a9a9a5a1d"},{"introduced":"56debfa71653e72433345f23cd26276bc90629ce"},{"fixed":"5efc0cb9076cd49e80f6789dc978d68a9a9a5a1d"},{"introduced":"b4d07277a6c5318bb50d3b94bbd6135dccb4c601"},{"fixed":"cf1b5cafa047bc8e4a3f93444fcb4011593b92cb"},{"introduced":"b4d07277a6c5318bb50d3b94bbd6135dccb4c601"},{"fixed":"cf1b5cafa047bc8e4a3f93444fcb4011593b92cb"}],"database_specific":{"versions":[{"introduced":"1.13.7"},{"fixed":"1.13.10"},{"introduced":"1.13.7"},{"fixed":"1.13.10"},{"introduced":"1.14.3"},{"fixed":"1.14.6"},{"introduced":"1.14.3"},{"fixed":"1.14.6"},{"introduced":"1.15.0"},{"fixed":"1.15.2"},{"introduced":"1.15.0"},{"fixed":"1.15.2"}]}}],"versions":["sdk/v0.10.2","v1.13.7","v1.13.8","v1.13.9","v1.14.3","v1.14.4","v1.14.5","v1.15.0","v1.15.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5954.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}