Veracode Vulnerability DatabaseVERACODE:41232Denial Of Service (DoS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
30.9%
github.com/cometbft/cometbft is vulnerable to Denial of Service (DoS) attacks. A deadlock is introduced when serializing the struct PeerState to JSON when the new method MarshallJSON is used. One way is via Logs, putting the consensus module to debug level, and changing the output format to JSON. On the other hand, RPC dump_consensus_state will finally encounter the impasse, stopping the node, causing the application to crash.
References
github.com/advisories/GHSA-mvj3-qrqh-cjvr
github.com/cometbft/cometbft/commit/2a526cae86181699e4ed50ec409268341538f374
github.com/cometbft/cometbft/commit/9a453da40d65d89da94cb145c81e861c821cc376
github.com/cometbft/cometbft/pull/524
github.com/cometbft/cometbft/pull/863
github.com/cometbft/cometbft/pull/865
github.com/cometbft/cometbft/security/advisories/GHSA-mvj3-qrqh-cjvr
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
30.9%