Description
HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixed in memberlist 0.6.0.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 08 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hashicorp
Hashicorp shared Library |
|
| Vendors & Products |
Hashicorp
Hashicorp shared Library |
Wed, 08 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixed in memberlist 0.6.0. | |
| Title | Denial of service via crafted push/pull gossip message in memberlist | |
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: HashiCorp
Published:
Updated: 2026-07-08T19:40:16.119Z
Reserved: 2026-07-01T19:07:40.964Z
Link: CVE-2026-14362
Updated: 2026-07-08T18:29:57.500Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T19:00:07Z
Weaknesses
-
CWE-770
Allocation of Resources Without Limits or Throttling