CVE-2020-13250

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HashiCorp Consul versions 1.2.0 through 1.6.5 HashiCorp Consul versions 1.4.3 through 1.7.3

Description The issue is related to a denial of service vulnerability in the HTTP API and DNS caching feature of HashiCorp Consul and Consul Enterprise. The HTTP API was introduced in version 1.2.0, and the DNS caching feature was introduced in version 1.4.3.

Recommendations For HashiCorp Consul versions 1.2.0 through 1.6.5, update to version 1.6.6 or later. For HashiCorp Consul versions 1.4.3 through 1.7.3, update to version 1.7.4 or later.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2020-3391

ALT-PU-2020-3421

ALT-PU-2022-1256

BIT-CONSUL-2020-13250

CVE-2020-13250

GHSA-RQJQ-MRGX-85HP

GO-2022-0879

Affected Products

Alt Linux

Hashicorp Consul Enterprise

Hashicorp Consul

CVE-2020-13250

Weakness Enumeration

Related Identifiers

Affected Products

References · 16