CVE-2019-25072
- EPSS 0.12%
- Veröffentlicht 27.12.2022 22:15:11
- Zuletzt bearbeitet 11.04.2025 17:15:33
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
CVE-2021-21271
- EPSS 0.57%
- Veröffentlicht 26.01.2021 21:15:12
- Zuletzt bearbeitet 21.11.2024 05:47:54
Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of han...
CVE-2020-15091
- EPSS 0.15%
- Veröffentlicht 02.07.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:04:47
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A ma...
CVE-2020-5303
- EPSS 0.32%
- Veröffentlicht 10.04.2020 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:33:52
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collec...