10 matches found
EUVD-2022-7141
Malicious code in bioql PyPI...
CVE-2021-21271
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
GHSA-P658-8693-MHVG Tendermint Core vulnerable to Uncontrolled Resource Consumption
Description Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. This algorithm relies o...
CVE-2021-21271
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
CVE-2021-21271
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
Design/Logic Flaw
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
CVE-2021-21271
Tendermint Core CVE-2021-21271 describes a DoS due to timestamp miscalculation of DuplicateVoteEvidence during consensus. In v0.34.0–v0.34.2, the consensus reactor formed DuplicateVoteEvidence using last-commit timestamps, which could differ across nodes for the same height since a block hadn’t f...
CVE-2021-21271 Denial of service in TenderMint Core
Tendermint Core is an open source Byzantine Fault Tolerant BFT middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
Tendermint Resource Management Error Vulnerability
Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint, Inc. in the United States. A security vulnerability exists in Tendermint Core, which stems from the fact that any node with an invalid DuplicateVoteEvidence will present invalid evidence...
PT-2021-14378 · Unknown · Tendermint Core
Name of the Vulnerable Software and Affected Versions: Tendermint Core versions 0.34.0 through 0.34.2 Description: The issue arises from the mishandling of timestamps during the consensus process in Tendermint Core, which can cause a denial of service. When double signs are observed, the consensu...