CVE-2023-0821

Published: 16/02/2023 Updated: 25/02/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

In HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3, jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

Vulnerable Product

hashicorp nomad

Vendor Advisories

Debian Bug report logs - #1034181 nomad: CVE-2023-0821
Package: src:nomad; Maintainer for src:nomad is Dmitry Smirnov <onlyjob@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 10 Apr 2023 17:42:01 UTC
Severity: important
Tags: security, upstream
Description: A flaw was found in the HashiCorp Nomad package. A job submitted with a maliciously compressed source (for example, “Zip Bomb”) in an artifact stanza can cause excessive disk resource consumption, crashing a Nomad client agent.