An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEycXItM2MycC05MjM1

Severity: Moderate; EPSS: 0.0063% (0.69618 Percentile)

Denial of Service (DoS) in HashiCorp Consul

Affected Packages: go:github.com/hashicorp/consul
PURL: pkg:go/github.com%2Fhashicorp%2Fconsul
Affected Versions: >= 1.7.0, < 1.7.4; >= 1.6.0-beta1, < 1.6.6
Fixed Versions: 1.7.4, 1.6.6
4,916 Dependent packages
3,009 Dependent repositories

Affected Version Ranges

All affected versions

v1.6.0, v1.6.0-beta1, v1.6.0-beta2, v1.6.0-beta3, v1.6.0-rc1, v1.6.1, v1.6.2, v1.6.3, v1.6.4, v1.6.5, v1.7.0, v1.7.0-beta1, v1.7.0-beta2, v1.7.0-beta3, v1.7.0-beta4, v1.7.1, v1.7.2, v1.7.3

All unaffected versions

v0.1.0, v0.2.0, v0.2.1, v0.3.0, v0.3.1, v0.4.0, v0.4.1, v0.5.0, v0.5.1, v0.5.2, v0.6.0, v0.6.1, v0.6.2, v0.6.3, v0.6.4, v0.7.0, v0.7.1, v0.7.2, v0.7.3, v0.7.4, v0.7.5, v0.8.0, v0.8.1, v0.8.2, v0.8.3, v0.8.4, v0.8.5, v0.9.0, v0.9.1, v0.9.2, v0.9.3, v0.9.4, v1.0.0, v1.0.1, v1.0.2, v1.0.3, v1.0.4, v1.0.5, v1.0.6, v1.0.7, v1.0.8, v1.1.0, v1.1.1, v1.2.0, v1.2.1, v1.2.2, v1.2.3, v1.2.4, v1.3.0, v1.3.1, v1.4.0, v1.4.1, v1.4.2, v1.4.3, v1.4.4, v1.4.5, v1.5.0, v1.5.1, v1.5.2, v1.5.3, v1.6.6, v1.6.7, v1.6.8, v1.6.9, v1.6.10, v1.7.4, v1.7.5, v1.7.6, v1.7.7, v1.7.8, v1.7.9, v1.7.10, v1.7.11, v1.7.12, v1.7.13, v1.7.14, v1.8.0, v1.8.1, v1.8.2, v1.8.3, v1.8.4, v1.8.5, v1.8.6, v1.8.7, v1.8.8, v1.8.9, v1.8.10, v1.8.11, v1.8.12, v1.8.13, v1.8.14, v1.8.15, v1.8.16, v1.8.17, v1.8.18, v1.8.19, v1.9.0, v1.9.1, v1.9.2, v1.9.3, v1.9.4, v1.9.5, v1.9.6, v1.9.7, v1.9.8, v1.9.9, v1.9.10, v1.9.11, v1.9.12, v1.9.13, v1.9.14, v1.9.15, v1.9.16, v1.9.17, v1.10.0, v1.10.1, v1.10.2, v1.10.3, v1.10.4, v1.10.5, v1.10.6, v1.10.7, v1.10.8, v1.10.9, v1.10.10, v1.10.11, v1.10.12, v1.11.0, v1.11.1, v1.11.2, v1.11.3, v1.11.4, v1.11.5, v1.11.6, v1.11.7, v1.11.8, v1.11.9, v1.11.10, v1.11.11, v1.12.0, v1.12.1, v1.12.2, v1.12.3, v1.12.4, v1.12.5, v1.12.6, v1.12.7, v1.12.8, v1.12.9, v1.13.0, v1.13.1, v1.13.2, v1.13.3, v1.13.4, v1.13.5, v1.13.6, v1.13.7, v1.13.8, v1.13.9, v1.14.0, v1.14.1, v1.14.2, v1.14.3, v1.14.4, v1.14.5, v1.14.6, v1.14.7, v1.14.8, v1.14.9, v1.14.10, v1.14.11, v1.15.0, v1.15.1, v1.15.2, v1.15.3, v1.15.4, v1.15.5, v1.15.6, v1.15.7, v1.15.8, v1.15.9, v1.15.10, v1.15.11, v1.16.0, v1.16.1, v1.16.2, v1.16.3, v1.16.4, v1.16.5, v1.16.6, v1.16.7, v1.17.0, v1.17.1, v1.17.2, v1.17.3, v1.17.4, v1.18.0, v1.18.1, v1.18.2, v1.19.0, v1.19.1, v1.19.2, v1.20.0, v1.20.1, v1.20.2, v1.20.3, v1.20.4, v1.20.5, v1.20.6, v1.21.0, v1.21.1, v1.21.2, v1.21.3, v1.21.4, v1.21.5, v1.22.0

HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/consul/discoverychain

References: