Deadlock in github.com/cometbft/cometbft/consensus

2023-07-0620:13:13

Google

osv.dev

github

cometbft

consensus

deadlock

peerstate

serialization

json

modification

logs

rpc

software

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

30.9%

JSON

An internal modification to the way PeerState is serialized to JSON introduced a deadlock when the new function MarshalJSON is called.

This function can be called in two ways. The first is via logs, by setting the consensus logging module to “debug” level (which should not happen in production), and setting the log output format to JSON. The second is via RPC dump_consensus_state.