7.5

CVSS Score

Basic Information

CVE ID

CVE-2024-8185

GHSA ID

GHSA-g233-2p4r-3q7v

EPSS Score

CWE

CWE-636

Published

10/31/2024

Updated

10/31/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-8185

CVE-2024-8185:
Hashicorp Vault vulnerable to denial of service through memory exhaustion

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint. An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.

This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

(GitHub Advisory)

7.5

CVSS Score

Basic Information

CVE ID

CVE-2024-8185

GHSA ID

GHSA-g233-2p4r-3q7v

EPSS Score

CWE

CWE-636

Published

10/31/2024

Updated

10/31/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/hashicorp/vault	go	>= 1.2.0, < 1.18.1	1.18.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key issues: 1) The raft bootstrap challenge handler (handleRaftBootstrapChallengeWrite) lacked rate limiting and used non-expiring storage, allowing attackers to flood the system with challenges. 2) The sync.Map implementation in Core.pendingRaftPeers had no memory limits. The fix introduced an LRU cache with size constraints (RaftInitialChallengeLimit) and rate limiting via golang.org/x/time/rate, directly addressing these memory exhaustion vectors. The commit diff shows the transition from sync.Map to LRU and the addition of challenge limits in these components.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*ult *ommunity *n* V*ult *nt*rpris* (“V*ult”) *lust*rs usin* V*ult’s Int**r*t** Stor*** ***k*n* *r* vuln*r**l* to * **ni*l-o*-s*rvi** (*oS) *tt**k t*rou** m*mory *x**ustion t*rou** * R**t *lust*r join *PI *n*point. *n *tt**k*r m*y s*n* * l*r** volum

Reasoning

T** vuln*r**ility st*mm** *rom two k*y issu*s: *) T** r**t *ootstr*p ***ll*n** **n*l*r (**n*l*R**t*ootstr*p***ll*n**Writ*) l**k** r*t* limitin* *n* us** non-*xpirin* stor***, *llowin* *tt**k*rs to *loo* t** syst*m wit* ***ll*n**s. *) T** syn*.M*p imp

7.5

Basic Information

Concerned about an active attack path?

CVE-2024-8185: Hashicorp Vault vulnerable to denial of service through memory exhaustion

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-8185:
Hashicorp Vault vulnerable to denial of service through memory exhaustion

Vulnerability Intelligence
Miggo AI