PT-2020-13248 · Hashicorp · Hashicorp Consul Enterprise+1
Crhino · Published 2020-06-11 · Updated 2024-08-21 · CVE-2020-12758
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
HashiCorp Consul and Consul Enterprise versions 1.6.0 through 1.6.5
HashiCorp Consul and Consul Enterprise versions 1.7.0 through 1.7.3
Description
HashiCorp Consul and Consul Enterprise can crash when configured with an abnormally-formed service-router entry, resulting in a denial of service (DoS) condition. The problem was introduced in version 1.6.0.
Recommendations
For versions 1.6.0 through 1.6.5, update to version 1.6.6 to resolve the issue.
For versions 1.7.0 through 1.7.3, update to version 1.7.4 to resolve the issue.
As a temporary workaround, consider restricting the configuration of service-router entries to prevent abnormally-formed entries from causing a crash.
Fix
Improper Resource Release
Resource Exhaustion
Related Identifiers
Affected Products
Hashicorp Consul Enterprise
Hashicorp Consul