CVE-2020-25201 — Uncontrolled Resource Consumption in Hashicorp Consul

CWE-400 — Uncontrolled Resource Consumption CWE-834 — Excessive Iteration6 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 18.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Consul Github.com Hashicorp Consul Debian Consul

Timeline

PublishedNov 4

Latest updateJun 28

Description

HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Gogithub.com/hashicorp_consul1.7.0 — 1.7.9+1

▶Debianhashicorp/consul< 1.8.6+dfsg1-1

▶NVDhashicorp/consul1.7.0 — 1.8.4

▶debiandebian/consul< consul 1.8.6+dfsg1-1 (bullseye)

🔴Vulnerability Details

OSV

Denial of service in HashiCorp Consul in github.com/hashicorp/consul↗2024-06-28

▶

OSV

Denial of service in HashiCorp Consul↗2024-01-31

▶

GHSA

Denial of service in HashiCorp Consul↗2024-01-31

▶

OSV

CVE-2020-25201: HashiCorp Consul Enterprise version 1↗2020-11-04

▶

📋Vendor Advisories

Debian

CVE-2020-25201: consul - HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace repli...↗2020

▶