CVE-2019-25072
Uncontrolled resource consumption in github.com/tendermint/tendermint
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
Debido a la compatibilidad con la compresión Gzip en los cuerpos de las solicitudes, así como a la falta de limitación del tamaño de los cuerpos de las respuestas, un servidor malicioso puede hacer que un cliente consuma una cantidad significativa de recursos del sistema, lo que puede usarse como un vector de denegación de servicio.
*Credits:
@guagualvcha
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-29 CVE Reserved
- 2022-12-27 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/tendermint/tendermint/pull/3430 | Third Party Advisory | |
| https://pkg.go.dev/vuln/GO-2020-0037 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613 | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tendermint Search vendor "Tendermint" | Tendermint Search vendor "Tendermint" for product "Tendermint" | < 0.31.1 Search vendor "Tendermint" for product "Tendermint" and version " < 0.31.1" | - |
Affected
| ||||||