4 matches found
CVE-2023-34450
CometBFT (CVE-2023-34450) describes a deadlock in PeerState JSON serialization introduced by a change in versions 0.34.28 and 0.37.1. The deadlock can be triggered either by logging to JSON (consensus module set to debug) or by the RPC dump_consensus_state, potentially halting the node. The issue...
CVE-2023-34450 CometBFT PeerState JSON serialization deadlock
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is...
CometBFT security vulnerability
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that employs stateful transducers written in any programming language and can be safely replicated on many machines. A security vulnerability exists in CometBFT versions v0.34.28, v0.37.1 that stems from the introduction of a deadlock when...
CometBFT security vulnerability
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that employs state transducers written in any programming language and can be safely replicated on many machines. A security vulnerability exists in CometBFT versions prior to v0.37.0, v0.37.1, and v0.34.28, which stems from the fact that the...