CVE-2021-21271 – Denial of service in TenderMint Core

https://notcve.org/view.php?id=CVE-2021-21271

26 Jan 2021 — Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last... • https://github.com/tendermint/tendermint/blob/v0.34.3/CHANGELOG.md#v0.34.3 • CWE-400: Uncontrolled Resource Consumption •