Denial Of Service (DoS)

github.com/cometbft/cometbft is vulnerable to Denial of Service DoS attacks. A deadlock is introduced when serializing the struct PeerState to JSON when the new method MarshallJSON is used. One way is via Logs, putting the consensus module to debug level, and changing the output format to JSON. O...

GO-2023-1882 Deadlock in github.com/cometbft/cometbft/consensus

An internal modification to the way PeerState is serialized to JSON introduced a deadlock when the new function MarshalJSON is called. This function can be called in two ways. The first is via logs, by setting the consensus logging module to "debug" level which should not happen in production, an...

GHSA-MVJ3-QRQH-CJVR CometBFT PeerState JSON serialization deadlock

Impact An internal modification to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places: 1. Via logs Setting the consensus logging module to "debug" level should not happen in production, and...

CVE-2023-34450 CometBFT PeerState JSON serialization deadlock

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is...

CVE-2023-34450 CometBFT PeerState JSON serialization deadlock

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is...