| id: GO-2025-4039 |
| modules: |
| - module: github.com/openbao/openbao |
| non_go_versions: |
| - fixed: 2.4.1 |
| vulnerable_at: 0.0.0-20251028151953-42442639d226 |
| summary: |- |
| OpenBao has a potential Denial of Service vulnerability when processing malicious |
| unauthenticated JSON requests in github.com/openbao/openbao |
| cves: |
| - CVE-2025-59043 |
| ghsas: |
| - GHSA-g46h-2rq9-gw5m |
| references: |
| - advisory: https://github.com/openbao/openbao/security/advisories/GHSA-g46h-2rq9-gw5m |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-59043 |
| - fix: https://github.com/openbao/openbao/commit/d418f238bc99adc72c73109faf574cc2b672880c |
| - fix: https://github.com/openbao/openbao/pull/1756 |
| - web: https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393 |
| - web: https://github.com/openbao/openbao/blob/788536bd3e10818a7b4fb00aac6affc23388e5a9/http/logical.go#L50 |
| - web: https://nvd.nist.gov/vuln/detail/CVE-2025-6203 |
| source: |
| id: GHSA-g46h-2rq9-gw5m |
| created: 2025-10-28T17:29:55.045246478Z |
| review_status: UNREVIEWED |