{"id":"CVE-2022-24687","details":"HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.","aliases":["BIT-consul-2022-24687","GHSA-hj93-5fg3-3chr","GO-2022-0953"],"modified":"2026-05-18T05:53:20.299101420Z","published":"2022-02-24T15:37:51Z","database_specific":{"cna_assigner":"mitre","unresolved_ranges":[{"extracted_events":[{"introduced":"1.9.0"},{"fixed":"1.9.14"}],"source":"DESCRIPTION"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24687.json"},"references":[{"type":"WEB","url":"https://discuss.hashicorp.com"},{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24687.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24687"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-09"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220331-0006/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/consul","events":[{"introduced":"3111cb8c7df8545abaa0c96347996b5341ff625d"},{"fixed":"927778bd09be8d2c9025dc66d83d95e095424249"},{"introduced":"27de64da7095570012e9f8f7aec16aaf66d2a773"},{"fixed":"56171a4e791d6ee4308ec83c91736d079e627029"},{"introduced":"33a5f761316e03f2b16c6bd83e8d890d5e2f95e1"},{"fixed":"e319d7ed5f3a0fc31ca2621087f414f01df0b39f"}],"database_specific":{"extracted_events":[{"introduced":"1.8.0"},{"fixed":"1.9.15"},{"introduced":"1.10.0"},{"fixed":"1.10.8"},{"introduced":"1.11.0"},{"fixed":"1.11.3"}],"cpe":["cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*","cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*"],"source":"CPE_FIELD"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24687.json"}}],"schema_version":"1.7.5"}