CVE-2020-5303 – Denial of service in Tendermint
https://notcve.org/view.php?id=CVE-2020-5303
10 Apr 2020 — Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim activeID of a peer after it's removed in Memp...
• https://github.com/tendermint/tendermint/commit/e2d6859afd7dba4cf97c7f7d412e7d8fc908d1cd
• CWE-787: Out-of-bounds Write
• CWE-789: Memory Allocation with Excessive Size Value