Fluid Attacks Database

Description

Denial of Service (DoS) in HashiCorp Consul HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/consul

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/hashicorp/consul	>=0 <1.6.3	1.6.3
go	github.com/hashicorp/consul/agent/consul	>=0 <1.6.3	1.6.3
debian 11	consul	>=0 <1.7.0+dfsg1-1	1.7.0+dfsg1-1

Aliases

1. CVE-2020-72192. NVD-2020-72193. OSV-2020-72194. OSV-DEBIAN-2020-72195. GHSA-23jv-v6qj-3fhh6. GCVE-2020-72197. SECURITY-TRACKER-CVE-2020-7219

References

1. https://github.com/hashicorp/consul/issues/71592. https://www.hashicorp.com/blog/category/consul3. https://www.hashicorp.com/blog/category/consul/

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.