CVE-2020-25201

Denial of service in HashiCorp Consul in go/github.com/hashicorp/consul

Identifiers

GHSA-496g-fr33-whrf, CVE-2020-25201

Package Slug

go/github.com/hashicorp/consul

Vulnerability

Denial of service in HashiCorp Consul

Description

HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

Affected Versions

All versions starting from 1.7.0 before 1.7.9, all versions starting from 1.8.0 before 1.8.5

Solution

Upgrade to versions 1.7.9, 1.8.5 or above.

Last Modified

2024-02-01

source