CNNVD-202510-3778 Information

Oct 28, 2025 cve

CNNVD ID

CNNVD-202510-3778

CVE-2025-11375

  • CNNVD Published: 2025-10-28

Description (Chinese)

HashiCorp Consul和HashiCorp Consul Enterprise都是美国HashiCorp公司的产品。HashiCorp Consul是一套分布式、高可用数据中心感知解决方案。该产品用于跨动态分布式基础架构连接和配置应用程序。HashiCorp Consul Enterprise是一个系统服务发现和配置管理工具。 HashiCorp Consul和HashiCorp Consul Enterprise存在安全漏洞,该漏洞源于Content Length标头缺少最大值限制,可能导致拒绝服务攻击。

Description (English)

HashiCorp Consul and HashiCorp Consul Enterprise are products of HashiCorp in the United States. HashiCorp Consul is a distributed, highly available data centre sensory solution. The product is used to connect and configure applications across dynamic distributed infrastructure. HashiCorp Consul Enterprise is a system service discovery and configuration management tool. HashiCorp Consul and HashiCorp Consul Enterprise had a security loophole, which stemmed from the lack of maximum value limits at the Content Length logo, which could lead to a denial of service attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HashiCorp

Published

2025-10-28

Last Modified

2026-02-24

References

https://discuss.hashicorp.com/t/hcsec-2025-28-consuls-event-endpoint-is-vulnerable-to-denial-of-service/76723

Patch

https://www.hashicorp.com/en/products/consul

Share on: