Note:
This project will be discontinued after December 13, 2021. [more]
2020-06-11
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
| Products | Consul |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Patches | https://github.com/hashicorp/consul/pull/8023 |
| Links |
• https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
• https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md |