Lucene search
K

66 matches found

OSV
OSV
added 2020/04/10 7:15 p.m.17 views

CVE-2020-5303

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...

3.7CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2020/04/10 7:15 p.m.29 views

Design/Logic Flaw

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...

4.3CVSS4.6AI score0.01336EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/04/10 6:30 p.m.151 views

CVE-2020-5303

CVE-2020-5303 affects Tendermint prior to 0.33.3, 0.32.10 and 0.31.12. The issues include a denial-of-service risk from unconstrained P2P connection attempts that allocates memory per connection, potentially causing temporary spikes and OOM, and a memory leak where activeIDs are not reclaimed aft...

4.3CVSS3.9AI score0.01336EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/04/10 6:30 p.m.33 views

CVE-2020-5303 Denial of service in Tendermint

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...

3.1CVSS4.2AI score0.01336EPSS
Exploits0References3
Veracode
Veracode
added 2018/08/07 2:49 a.m.9 views

Information Disclosure

github.com/tendermint/tendermint is vulnerable to information disclosure. This is due to rejected inbound connection objects due to max peers not closing properly, which causes file descriptors to be leaked. This can also be exploited to cause nodes to panic from use of too many file descriptors...

6.2AI score
Exploits0
Veracode
Veracode
added 2017/10/20 8:28 a.m.9 views

Denial Of Service (DoS) Through Integer Overflow

github.com/tendermint/go-wire is vulnerable to denial of service DoS attacks. The library does not ensure the input to be encoded is less than the maximum integer value accepted, allowing a malicious user to cause an integer overflow that crashes the application...

6.6AI score
Exploits0
Rows per page
Query Builder