Описание
Consul event endpoint is vulnerable to denial of service
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-11375
- https://github.com/hashicorp/consul/pull/22836
- https://github.com/hashicorp/consul/commit/e794201d0c618333d81ad775270f7b32801178fb
- https://discuss.hashicorp.com/t/hcsec-2025-28-consuls-event-endpoint-is-vulnerable-to-denial-of-service/76723
- https://github.com/hashicorp/consul/releases/tag/v1.22.0
- https://pkg.go.dev/vuln/GO-2025-4082
Пакеты
github.com/hashicorp/consul
< 1.22.0
1.22.0
Связанные уязвимости
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) event endpoin ...
Уязвимость инструмента настройки сервисов Consul и Consul Enterprise, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
