CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2020-15091 – Denial of Service in TenderMint
https://notcve.org/view.php?id=CVE-2020-15091
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit. TenderMint desde versión 0.33.0 y anteriores a versión 0.33.6, permite a proponentes de bloque incluir firmas para el bloque equivocado. • https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340 https://github.com/tendermint/tendermint/issues/4926 https://github.com/tendermint/tendermint/security/advisories/GHSA-6jqj-f58p-mrw3 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-5303 – Denial of service in Tendermint
https://notcve.org/view.php?id=CVE-2020-5303
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim activeID of a peer after it's removed in Mempool reactor. • https://github.com/tendermint/tendermint/commit/e2d6859afd7dba4cf97c7f7d412e7d8fc908d1cd https://github.com/tendermint/tendermint/security/advisories/GHSA-v24h-pjjv-mcp6 https://hackerone.com/reports/820317 • CWE-787: Out-of-bounds Write CWE-789: Memory Allocation with Excessive Size Value •