Home > Vulnerability Database > CVE-2024-8185

Mend.io Vulnerability Database

CVE-2024-8185

Date: October 31, 2024

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

Language: Go

Severity Score

7.5

Related Resources (6)

Url: https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047

Url: https://github.com/hashicorp/vault/commit/195dfca433028887973f5bd82d173d91fe9dab4a

Url: https://github.com/hashicorp/vault

Url: https://github.com/advisories/GHSA-g233-2p4r-3q7v

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8185

Url: https://www.mend.io/vulnerability-database/CVE-2024-8185

Severity Score

7.5

Weakness Type (CWE)

Not Failing Securely ('Failing Open')

CWE-636

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8185

Date: October 31, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?