cve/2023/CVE-2023-6337.md

### [CVE-2023-6337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6337)
![](https://img.shields.io/static/v1?label=Product&message=Vault%20Enterprise&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Vault&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)

### Description

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/bbhorrigan/Vaulthcsec
- https://github.com/fkie-cad/nvd-json-data-feeds