CVE-2023-1297

Summary

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Affected Software

VendorProductVersion RangeStatus
HashiCorpConsul1.14.0 <= 1.14.5affected
HashiCorpConsul1.15.0 <= 1.15.3affected
HashiCorpConsul Enterprise1.14.0 <= 1.14.5affected
HashiCorpConsul Enterprise1.15.0 <= 1.15.3affected

Weaknesses

  • CWE-826: CWE-826: Premature Release of Resource During Expected Lifetime

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References