CVE-2020-5303

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...

GHSA-V24H-PJJV-MCP6 Denial of service in Tendermint

Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...

CVE-2020-5303 Denial of service in Tendermint

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...

CVE-2020-5303

CVE-2020-5303 affects Tendermint prior to 0.33.3, 0.32.10 and 0.31.12. The issues include a denial-of-service risk from unconstrained P2P connection attempts that allocates memory per connection, potentially causing temporary spikes and OOM, and a memory leak where activeIDs are not reclaimed aft...