Cosmos: Memory Exhaustion in CometBFT v1.0.1 via malicious ProposalMessage leads to network-wide denial of service
Summary of Impact

CometBFT v1.0.1 contains a critical memory exhaustion vulnerability that allows any peer to crash nodes with a single 50-byte P2P message. An attacker can send a malicious ProposalMessage with PartSetHeader.Total set to 2^32-1, causing the receiving node to immediately allocate...
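The defensive pattern for this class of bug, as an added example that is my own code and not CometBFT's: bound the peer-supplied Total by the number of parts a maximum-size block could actually contain, and only size allocations from it after that check passes. The simplified struct, the block and part size limits, and the function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Simplified stand-in for a proposal's part-set header (assumed shape, not CometBFT's own type).
type PartSetHeader struct {
	Total uint32
	Hash  []byte
}

// Assumed limits, constructed for this example: a block may not exceed maxBlockBytes and is
// split into parts of partSize bytes, so the number of parts an honest proposal can announce
// is bounded regardless of what a peer puts in Total.
const (
	maxBlockBytes = 100 * 1024 * 1024 // 100 MiB (assumed)
	partSize      = 64 * 1024         // 64 KiB per part (assumed)
	maxParts      = (maxBlockBytes + partSize - 1) / partSize
)

var ErrTooManyParts = errors.New("part set header: Total exceeds parts possible for max block size")

// ValidateTotal rejects a header whose Total could not belong to any valid block.
// It runs before anything is allocated from the untrusted value.
func ValidateTotal(h PartSetHeader) error {
	if h.Total == 0 {
		return errors.New("part set header: Total must be greater than zero")
	}
	if uint64(h.Total) > maxParts {
		return ErrTooManyParts
	}
	return nil
}

// NewPartBitmap sizes the per-part "received" tracking slice only after validation,
// so a Total of 2^32-1 is refused instead of driving a multi-gigabyte allocation.
func NewPartBitmap(h PartSetHeader) ([]bool, error) {
	if err := ValidateTotal(h); err != nil {
		return nil, err
	}
	return make([]bool, h.Total), nil
}

func main() {
	for _, h := range []PartSetHeader{{Total: 3}, {Total: math.MaxUint32}} {
		bm, err := NewPartBitmap(h)
		fmt.Printf("Total=%d -> bitmap len %d, err=%v\n", h.Total, len(bm), err)
	}
}
```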