66 matches found
Cosmos: Unclaimed official s3 bucket of tendermint(tendermint-packages) which is used by many other blockchain companies in their code
An unclaimed official S3 bucket of Tendermint, which was also used by many other blockchain companies and developers, was discovered. An attacker could have hosted malicious files on the bucket, causing harm to the companies or developers using it for package installation. The vulnerability has...
GHSA-V24H-PJJV-MCP6 Denial of service in Tendermint
Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...
Denial of service in Tendermint
Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...
Denial Of Service (DoS)
github.com/tendermint/tendermint is vulnerable to denial of service. A race condition in the way timestamps are be calculated allows an attacker to cause a deadlock and deny users service to the application...
CVE-2021-21271
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
CVE-2021-21271
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
Design/Logic Flaw
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
CVE-2021-21271
Tendermint Core CVE-2021-21271 describes a DoS due to timestamp miscalculation of DuplicateVoteEvidence during consensus. In v0.34.0–v0.34.2, the consensus reactor formed DuplicateVoteEvidence using last-commit timestamps, which could differ across nodes for the same height since a block hadn’t f...
CVE-2021-21271 Denial of service in TenderMint Core
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
PT-2021-14378 · Unknown · Tendermint Core
Name of the Vulnerable Software and Affected Versions: Tendermint Core versions 0.34.0 through 0.34.2 Description: The issue arises from the mishandling of timestamps during the consensus process in Tendermint Core, which can cause a denial of service. When double signs are observed, the consensu...
Tendermint Resource Management Error Vulnerability
Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint, Inc. in the United States. A security vulnerability exists in Tendermint Core, which stems from the fact that any node with an invalid DuplicateVoteEvidence will present invalid evidence...
Denial Of Service (DoS)
github.com/tendermint/tendermint is vulnerable to denial of service DoS. The vulnerability exists as it allowed signatures to be included for the wrong block, causing the commits not to validate and invalidating the proposed blocks...
Tendermint Data Forgery Issue Vulnerability
Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint Inc. in the United States. A data forgery vulnerability exists in Tendermint v0.33.0 and later versions fixed in v0.33.6. The vulnerability arises from a network system or product that does not adequately validate the...
CVE-2020-15091
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...
CVE-2020-15091
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...
Design/Logic Flaw
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...
CVE-2020-15091 Denial of Service in TenderMint
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...
CVE-2020-15091
CVE-2020-15091 affects Tendermint up to v0.33.6: versions 0.33.0 through 0.33.5 allow a block proposer to include signatures for the wrong block, potentially halting the network. The root cause is signatures not guaranteed to correspond to the committed block, enabling a DoS condition where commi...
Tendermint Denial of Service Vulnerability
Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint Inc. in the United States. A denial of service vulnerability exists in Tendermint versions prior to 0.33.3, 0.32.10, and 0.31.12, which stems from the program failing to limit the number of P2P connection requests. An...
CVE-2020-5303
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...