CVE-2023-0845 — NULL Pointer Dereference in Hashicorp Consul

CWE-476 — NULL Pointer Dereference7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 39.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Consul Hashicorp Consul Hashicorp Consul Enterprise +1 more

Timeline

PublishedMar 9

Latest updateAug 20

Description

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5hashicorp/consul_enterprise5 versions+4

▶NVDhashicorp/consul< 1.14.5

▶Gogithub.com/hashicorp_consul1.14.0 — 1.14.5

▶debiandebian/consul

▶CVEListV5hashicorp/consul5 versions+4

🔴Vulnerability Details

OSV

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul↗2024-08-20

▶

OSV

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections↗2023-03-09

▶

GHSA

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections↗2023-03-09

▶

OSV

CVE-2023-0845: Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client a↗2023-03-09

▶

📋Vendor Advisories

Red Hat

hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections↗2023-03-09

▶

Debian

CVE-2023-0845: consul - Consul and Consul Enterprise allowed an authenticated user with service:write pe...↗2023

▶