Allocation of Resources Without Limits or Throttling

CVE-2020-13250

High

7.5/10

Summary

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-770 - Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

Release Note
Pull request
Advisory

Advisory Timeline

Published Jun 11, 2020

Allocation of Resources Without Limits or Throttling

CVE-2020-13250

Summary

CWE-770 - Allocation of Resources Without Limits or Throttling

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS