CVE-2023-0821

Summary

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

Affected Software

VendorProductVersion RangeStatus
HashiCorpNomad0 <= 1.2.15affected
HashiCorpNomad0 <= 1.3.8affected
HashiCorpNomad0 <= 1.4.3affected
HashiCorpNomad Enterprise0 <= 1.2.15affected
HashiCorpNomad Enterprise0 <= 1.3.8affected
HashiCorpNomad Enterprise0 <= 1.4.3affected

Weaknesses

  • CWE-409: CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References