HashiCorp Consul and Consul Enterprise Denial-of-Service Vulnerability in Key/Value Endpoint

Vulnerability

A denial-of-service vulnerability has been identified in the key/value (KV) HTTP API endpoint of HashiCorp Consul and Consul Enterprise. The endpoint does not properly validate the Content-Length header of incoming requests, so an attacker who can reach the KV endpoint can send oversized payloads that are buffered without a bound, exhausting the memory of the agent that serves the request and causing service disruption or instability. The vulnerability affects Consul Community Edition versions up to and including 1.21.5 and Consul Enterprise versions up to and including 1.21.5, 1.20.7, 1.19.9 and 1.18.11.
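To make the failure mode concrete, here is an added Go illustration of the unbounded-read pattern next to a hardened version. This is example code written for this page, not Consul's own KV handler; the store type, the 512 KiB cap (maxKVValueBytes) and the helper names are assumptions for the demo. The hardened handler rejects an oversized declared Content-Length before reading a byte, then wraps the body in http.MaxBytesReader so that a chunked request or a client that lies about its length cannot push past the cap either.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxKVValueBytes is an assumed per-request cap for this illustration,
// not a Consul configuration value.
const maxKVValueBytes int64 = 512 * 1024

// kvStore is a minimal in-memory stand-in for a KV backend (constructed for the demo).
type kvStore struct{ data map[string][]byte }

func newStore() *kvStore { return &kvStore{data: map[string][]byte{}} }

// unsafePut shows the risky pattern: the request body is read in full with no
// size check, so memory use is whatever the client chooses to send.
func (s *kvStore) unsafePut(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if err != nil {
		http.Error(w, "read failed", http.StatusBadRequest)
		return
	}
	s.data[r.URL.Path] = body
	w.WriteHeader(http.StatusOK)
}

// hardenedPut first rejects an over-size declared Content-Length without
// reading, then caps the actual read so chunked bodies (ContentLength == -1)
// and under-declared lengths are bounded as well.
func (s *kvStore) hardenedPut(w http.ResponseWriter, r *http.Request) {
	if r.ContentLength > maxKVValueBytes {
		http.Error(w, "value too large", http.StatusRequestEntityTooLarge)
		return
	}
	r.Body = http.MaxBytesReader(w, r.Body, maxKVValueBytes)
	body, err := io.ReadAll(r.Body)
	if err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "value too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "read failed", http.StatusBadRequest)
		return
	}
	s.data[r.URL.Path] = body
	w.WriteHeader(http.StatusOK)
}

// putStatus drives a handler with a PUT whose declared Content-Length may differ
// from the real body (declaredLen == -1 means unknown/chunked). It returns the
// HTTP status and the number of bytes the store ended up holding for that key.
func putStatus(h http.HandlerFunc, s *kvStore, key, body string, declaredLen int64) (int, int) {
	req := httptest.NewRequest(http.MethodPut, "/v1/kv/"+key, strings.NewReader(body))
	req.ContentLength = declaredLen
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, len(s.data[req.URL.Path])
}

func main() {
	s := newStore()
	big := strings.Repeat("A", int(maxKVValueBytes)+1) // one byte over the cap

	code, n := putStatus(s.unsafePut, s, "unsafe", big, int64(len(big)))
	fmt.Printf("unsafe handler:   status=%d stored=%d bytes\n", code, n)

	code, n = putStatus(s.hardenedPut, s, "hardened", big, int64(len(big)))
	fmt.Printf("hardened handler: status=%d stored=%d bytes\n", code, n)

	// Declared length far above the cap with a tiny real body: rejected before any read.
	code, _ = putStatus(s.hardenedPut, s, "lying", "x", 1<<40)
	fmt.Printf("hardened, huge Content-Length: status=%d\n", code)
}
```

The order of the two checks matters: the Content-Length comparison is cheap and catches honest oversized requests early, but it is not sufficient on its own because the header is optional and attacker-controlled, which is why the MaxBytesReader wrapper does the real enforcement on the bytes actually read.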

Impact

Exploitation of this vulnerability can exhaust the memory of the Consul agent serving the request, resulting in a denial-of-service condition in which the agent becomes unresponsive or unavailable.

Remediation

Users are advised to upgrade to Consul Community Edition 1.22.0 or Consul Enterprise 1.22.0, 1.21.6, 1.20.8 or 1.18.12. Refer to Consul's upgrade documentation for guidance on the upgrade process.

Added: Oct 28, 2025, 9:28 PM
Updated: Oct 28, 2025, 9:28 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.