BIT-vault-2023-24999
Denial of Service vulnerability in vault (Go)
What is BIT-vault-2023-24999 About?
This vulnerability relates to an unsafe reading of environment files in Netty, potentially causing a denial of service on Windows systems. If a large, specially crafted file is present where Netty expects to load an environment file, the application can crash. Exploitation likely involves system-level file placement.
Affected Software
- github.com/hashicorp/vault
  - >1.11.0, <1.11.8
  - >1.12.0, <1.12.4
  - <1.10.11
Technical Details
The vulnerability exists in Netty (specifically version 4.1.113.Final is mentioned as vulnerable) when running on Windows systems. Netty attempts to load an environment file (the specific path is not detailed, but it's a file that typically doesn't exist by default). If an attacker places a large, specially crafted file at this expected location, Netty's unsafe reading or processing of this file can lead to resource exhaustion or an unhandled error condition. This causes the Netty application to crash, resulting in a denial of service. The attack vector involves local file system manipulation or tricking the system into placing a malicious file readable by the Netty process.
What is the Impact of BIT-vault-2023-24999?
Successful exploitation may allow attackers to cause the Netty application to crash, resulting in a denial of service and disrupting the availability of services that rely on it.
What is the Exploitability of BIT-vault-2023-24999?
Exploitation complexity is high, as it likely requires local access or a highly controlled environment to place the malicious file in the specific location Netty expects. No authentication to Netty itself is required, but local file system write access or code execution might be prerequisites to place the file. This is primarily a local exploitation scenario, but could be part of a multi-stage attack involving remote code execution first. Risk factors include systems where an attacker can write to arbitrary file locations or influence the creation of files in system paths that Netty might attempt to load.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-vault-2023-24999?
Available Upgrade Options
- github.com/hashicorp/vault
  - <1.10.11 → Upgrade to 1.10.11
- github.com/hashicorp/vault
  - >1.11.0, <1.11.8 → Upgrade to 1.11.8
- github.com/hashicorp/vault
  - >1.12.0, <1.12.4 → Upgrade to 1.12.4
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2023-24999
- https://github.com/advisories/GHSA-wmg5-g953-qqfw
- https://github.com/hashicorp/vault
- https://osv.dev/vulnerability/GHSA-wmg5-g953-qqfw
- https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
- https://security.netapp.com/advisory/ntap-20230505-0001/
What are Similar Vulnerabilities to BIT-vault-2023-24999?
Similar Vulnerabilities: CVE-2023-44487, CVE-2022-42969, CVE-2022-26279, CVE-2023-38035, CVE-2021-35560
