CVE-2023-3774
First published: Fri Jul 28 2023(Updated: )
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
Credit: security@hashicorp.com security@hashicorp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | =1.12.8 | |
| HashiCorp Vault | =1.13.4 | |
| HashiCorp Vault | =1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3774?
CVE-2023-3774 is an unhandled error in Vault Enterprise's namespace creation that may cause the Vault process to crash, potentially resulting in denial of service.
What is the severity of CVE-2023-3774?
CVE-2023-3774 has a severity level of medium (4.9).
How does CVE-2023-3774 affect HashiCorp Vault?
CVE-2023-3774 affects HashiCorp Vault versions 1.12.8, 1.13.4, and 1.14.0 in their enterprise editions.
How can I mitigate CVE-2023-3774?
You can mitigate CVE-2023-3774 by upgrading to Vault versions 1.14.1, 1.13.5, or 1.12.9, where the vulnerability is fixed.
Where can I find more information about CVE-2023-3774?
More information about CVE-2023-3774 can be found at the following link: https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-latest
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/1.12.8
- version/hashicorp vault/1.13.4
- version/hashicorp vault/1.14.0