Lucene search
K

66 matches found

Hacker One
Hacker One
added 2021/11/10 8:38 p.m.22 views

Cosmos: Unclaimed official s3 bucket of tendermint(tendermint-packages) which is used by many other blockchain companies in their code

An unclaimed official S3 bucket of Tendermint, which was also used by many other blockchain companies and developers, was discovered. An attacker could have hosted malicious files on the bucket, causing harm to the companies or developers using it for package installation. The vulnerability has...

7.1AI score
Exploits0
OSV
OSV
added 2021/05/27 6:44 p.m.48 views

GHSA-V24H-PJJV-MCP6 Denial of service in Tendermint

Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...

3.1CVSS3.9AI score0.01336EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/05/27 6:44 p.m.77 views

Denial of service in Tendermint

Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...

4.3CVSS4.8AI score0.01336EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2021/01/27 5:17 a.m.13 views

Denial Of Service (DoS)

github.com/tendermint/tendermint is vulnerable to denial of service. A race condition in the way timestamps are be calculated allows an attacker to cause a deadlock and deny users service to the application...

6.5CVSS4.5AI score0.01742EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2021/01/26 9:15 p.m.13 views

CVE-2021-21271

Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...

6.5CVSS6.3AI score0.01742EPSS
Exploits0References3
OSV
OSV
added 2021/01/26 9:15 p.m.23 views

CVE-2021-21271

Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...

6.5CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2021/01/26 9:15 p.m.16 views

Design/Logic Flaw

Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...

4CVSS6.3AI score0.01742EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/01/26 8:55 p.m.68 views

CVE-2021-21271

Tendermint Core CVE-2021-21271 describes a DoS due to timestamp miscalculation of DuplicateVoteEvidence during consensus. In v0.34.0–v0.34.2, the consensus reactor formed DuplicateVoteEvidence using last-commit timestamps, which could differ across nodes for the same height since a block hadn’t f...

6.5CVSS6.3AI score0.01742EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/01/26 8:55 p.m.25 views

CVE-2021-21271 Denial of service in TenderMint Core

Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...

6.5CVSS6.6AI score0.01742EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/01/26 12:0 a.m.8 views

PT-2021-14378 · Unknown · Tendermint Core

Name of the Vulnerable Software and Affected Versions: Tendermint Core versions 0.34.0 through 0.34.2 Description: The issue arises from the mishandling of timestamps during the consensus process in Tendermint Core, which can cause a denial of service. When double signs are observed, the consensu...

6.5CVSS6.2AI score0.01742EPSS
Exploits0References12
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.8 views

Tendermint Resource Management Error Vulnerability

Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint, Inc. in the United States. A security vulnerability exists in Tendermint Core, which stems from the fact that any node with an invalid DuplicateVoteEvidence will present invalid evidence...

6.5CVSS6.6AI score0.01742EPSS
Exploits0References4
Veracode
Veracode
added 2020/07/03 4:32 a.m.15 views

Denial Of Service (DoS)

github.com/tendermint/tendermint is vulnerable to denial of service DoS. The vulnerability exists as it allowed signatures to be included for the wrong block, causing the commits not to validate and invalidating the proposed blocks...

6.5CVSS3.3AI score0.00905EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2020/07/03 12:0 a.m.3 views

Tendermint Data Forgery Issue Vulnerability

Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint Inc. in the United States. A data forgery vulnerability exists in Tendermint v0.33.0 and later versions fixed in v0.33.6. The vulnerability arises from a network system or product that does not adequately validate the...

6.5CVSS6.8AI score0.00905EPSS
Exploits1References1
NVD
NVD
added 2020/07/02 5:15 p.m.33 views

CVE-2020-15091

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...

6.5CVSS0.00905EPSS
Exploits1References3
OSV
OSV
added 2020/07/02 5:15 p.m.12 views

CVE-2020-15091

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...

6.5CVSS6.5AI score
Exploits0References3
Prion
Prion
added 2020/07/02 5:15 p.m.12 views

Design/Logic Flaw

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...

4CVSS6.2AI score0.00905EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/07/02 5:5 p.m.29 views

CVE-2020-15091 Denial of Service in TenderMint

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...

6.5CVSS6.2AI score0.00905EPSS
Exploits1References3
CVE
CVE
added 2020/07/02 5:5 p.m.48 views

CVE-2020-15091

CVE-2020-15091 affects Tendermint up to v0.33.6: versions 0.33.0 through 0.33.5 allow a block proposer to include signatures for the wrong block, potentially halting the network. The root cause is signatures not guaranteed to correspond to the committed block, enabling a DoS condition where commi...

6.5CVSS6.1AI score0.00905EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2020/04/13 12:0 a.m.6 views

Tendermint Denial of Service Vulnerability

Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint Inc. in the United States. A denial of service vulnerability exists in Tendermint versions prior to 0.33.3, 0.32.10, and 0.31.12, which stems from the program failing to limit the number of P2P connection requests. An...

4.3CVSS6.7AI score0.01336EPSS
Exploits0References1
NVD
NVD
added 2020/04/10 7:15 p.m.35 views

CVE-2020-5303

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...

4.3CVSS4.3AI score0.01336EPSS
Exploits0References3
Rows per page
Query Builder