CVE-2021-21271 – Denial of service in TenderMint Core

https://notcve.org/view.php?id=CVE-2021-21271

Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) • https://github.com/tendermint/tendermint/blob/v0.34.3/CHANGELOG.md#v0.34.3 https://github.com/tendermint/tendermint/commit/a2a6852ab99e4a0f9e79f0ea8c1726e262e25c76 https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg • CWE-400: Uncontrolled Resource Consumption •