66 matches found
CVE-2020-5303
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...
Design/Logic Flaw
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...
CVE-2020-5303
CVE-2020-5303 affects Tendermint prior to 0.33.3, 0.32.10 and 0.31.12. The issues include a denial-of-service risk from unconstrained P2P connection attempts that allocates memory per connection, potentially causing temporary spikes and OOM, and a memory leak where activeIDs are not reclaimed aft...
CVE-2020-5303 Denial of service in Tendermint
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...
Information Disclosure
github.com/tendermint/tendermint is vulnerable to information disclosure. This is due to rejected inbound connection objects due to max peers not closing properly, which causes file descriptors to be leaked. This can also be exploited to cause nodes to panic from use of too many file descriptors...
Denial Of Service (DoS) Through Integer Overflow
github.com/tendermint/go-wire is vulnerable to denial of service DoS attacks. The library does not ensure the input to be encoded is less than the maximum integer value accepted, allowing a malicious user to cause an integer overflow that crashes the application...