CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile: 30.9%
github.com/cometbft/cometbft is vulnerable to Denial of Service (DoS). A deadlock is introduced when the struct PeerState is serialized to JSON through its new MarshalJSON method. That method can be reached in two ways. The first is via logging: setting the consensus module to debug log level and switching the log output format to JSON. The second is the RPC endpoint dump_consensus_state, which serializes peer state on request. Either path eventually hits the deadlock, stalling the node so that the application stops making progress.
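The advisory text above names the symptom (a deadlock while marshaling PeerState to JSON) but not the mechanism. The following is an added example, not CometBFT's code: it reconstructs the classic way a MarshalJSON method self-deadlocks on a non-reentrant sync.Mutex, which is assumed here to be the pattern behind the symptoms described, and shows the hardened form that breaks the recursion. The struct shape (PeerID, Height), the marshalWithTimeout helper and ErrDeadlock are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrDeadlock is returned by marshalWithTimeout when marshaling never returns.
// (Constructed for this example.)
var ErrDeadlock = errors.New("marshal did not return: suspected self-deadlock")

// VulnPeerState is a mutex-guarded peer-state struct shaped like the one the
// advisory describes. Assumption: the real struct is larger; only the locking
// pattern matters here. The unexported mtx is skipped by encoding/json.
type VulnPeerState struct {
	mtx    sync.Mutex
	PeerID string `json:"peer_id"`
	Height int64  `json:"height"`
}

// MarshalJSON (flawed pattern): take the lock, then hand the same
// *VulnPeerState back to json.Marshal. Because *VulnPeerState implements
// json.Marshaler, json.Marshal calls this method again; sync.Mutex is not
// reentrant, so the second Lock blocks forever on a lock held by its own caller.
func (ps *VulnPeerState) MarshalJSON() ([]byte, error) {
	ps.mtx.Lock()
	defer ps.mtx.Unlock()
	return json.Marshal(ps) // re-enters MarshalJSON -> self-deadlock
}

// FixedPeerState has the same fields; only MarshalJSON differs.
type FixedPeerState struct {
	mtx    sync.Mutex
	PeerID string `json:"peer_id"`
	Height int64  `json:"height"`
}

// MarshalJSON (hardened): convert to a locally defined type with the same
// underlying struct. A new defined type carries no methods, so it does not
// satisfy json.Marshaler and json.Marshal falls back to reflecting over the
// exported fields while the lock is held exactly once.
func (ps *FixedPeerState) MarshalJSON() ([]byte, error) {
	ps.mtx.Lock()
	defer ps.mtx.Unlock()
	type jsonPeerState FixedPeerState
	return json.Marshal((*jsonPeerState)(ps))
}

// marshalWithTimeout serializes m in its own goroutine and reports ErrDeadlock
// if it does not finish within d. A deadlocked goroutine is leaked on purpose
// so the caller (like a logger or RPC handler) can observe the hang.
func marshalWithTimeout(m json.Marshaler, d time.Duration) ([]byte, error) {
	type result struct {
		b   []byte
		err error
	}
	ch := make(chan result, 1)
	go func() {
		b, err := json.Marshal(m)
		ch <- result{b, err}
	}()
	select {
	case r := <-ch:
		return r.b, r.err
	case <-time.After(d):
		return nil, ErrDeadlock
	}
}

func main() {
	vuln := &VulnPeerState{PeerID: "node0", Height: 42}
	_, err := marshalWithTimeout(vuln, 200*time.Millisecond)
	fmt.Println("vulnerable:", err)

	fixed := &FixedPeerState{PeerID: "node0", Height: 42}
	b, err := marshalWithTimeout(fixed, 200*time.Millisecond)
	fmt.Println("fixed:", string(b), err)
}
```

In a running node there is no timeout around the serializer: whichever goroutine first marshals the struct (the JSON logger at debug level, or the handler for dump_consensus_state) simply never returns, which is the stall the advisory describes. The defined-type conversion is the standard Go idiom for implementing MarshalJSON on top of the default encoder without recursing into yourself.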
References
github.com/advisories/GHSA-mvj3-qrqh-cjvr
github.com/cometbft/cometbft/commit/2a526cae86181699e4ed50ec409268341538f374
github.com/cometbft/cometbft/commit/9a453da40d65d89da94cb145c81e861c821cc376
github.com/cometbft/cometbft/pull/524
github.com/cometbft/cometbft/pull/863
github.com/cometbft/cometbft/pull/865
github.com/cometbft/cometbft/security/advisories/GHSA-mvj3-qrqh-cjvr