GO-2022-1052
- Source
- https://pkg.go.dev/vuln/GO-2022-1052
- Import Source
- https://vuln.go.dev/ID/GO-2022-1052.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2022-1052
- Aliases
- Published
- 2022-10-14T23:59:50Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Uncontrolled resource consumption during consensus in github.com/tendermint/tendermint
- Details
-
Mishandling of timestamps during consensus process can cause a denial of service.
While reaching consensus, different tendermint nodes can observe a different timestamp for a consensus evidence. This mismatch can cause the evidence to be invalid, upon which the node producing the evidence will be asked to generate a new evidence. This new evidence will be the same, which means it will again be rejected by other nodes involved in the consensus. This loop will continue until the peer nodes decide to disconnect from the node producing the evidence.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2022-1052", "review_status": "REVIEWED" }- References
- Credits
-
-
- cmwaters (Github)
-
Affected packages
Go / github.com/tendermint/tendermint
Package
- Name
- github.com/tendermint/tendermint
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/tendermint/tendermint
Ecosystem specific
{
"imports": [
{
"symbols": [
"Pool.CheckEvidence",
"Pool.Update"
],
"path": "github.com/tendermint/tendermint/evidence"
},
{
"symbols": [
"BaseWAL.OnStart",
"Handshaker.Handshake",
"Handshaker.ReplayBlocks",
"Reactor.OnStart",
"Reactor.SwitchToConsensus",
"RunReplayFile",
"State.OnStart",
"State.OpenWAL",
"State.ReplayFile",
"State.tryAddVote",
"WALGenerateNBlocks",
"WALWithNBlocks"
],
"path": "github.com/tendermint/tendermint/consensus"
}
]
}