6.5

CVE-2023-0821

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

Data is provided by the National Vulnerability Database (NVD)
HashicorpNomad SwEdition- Version < 1.2.15
HashicorpNomad SwEditionenterprise Version < 1.2.15
HashicorpNomad SwEdition- Version >= 1.3.0 < 1.3.9
HashicorpNomad SwEditionenterprise Version >= 1.3.0 < 1.3.9
HashicorpNomad SwEdition- Version >= 1.4.0 < 1.4.4
HashicorpNomad SwEditionenterprise Version >= 1.4.0 < 1.4.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.24% 0.468
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security@hashicorp.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.