PT-2020-16014 · Hashicorp · Hashicorp Consul Enterprise

Published

2020-11-04

Updated

2024-06-28

CVE-2020-25201

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HashiCorp Consul Enterprise versions 1.7.0 through 1.8.4

Description The issue is related to a namespace replication bug in HashiCorp Consul Enterprise, which can be triggered to cause denial of service via infinite Raft writes.

Recommendations For versions 1.7.0 through 1.7.8, update to version 1.7.9 to resolve the issue. For versions 1.8.0 through 1.8.4, update to version 1.8.5 to resolve the issue.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-834CWE-400

Related Identifiers

BIT-CONSUL-2020-25201

CVE-2020-25201

GHSA-496G-FR33-WHRF

GO-2024-2501

Affected Products

Hashicorp Consul Enterprise

PT-2020-16014 · Hashicorp · Hashicorp Consul Enterprise

CVE-2020-25201

Weakness Enumeration

Related Identifiers

Affected Products

References · 19