Vulnerabilities > Tendermint
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-27 | CVE-2019-25072 | Resource Exhaustion vulnerability in Tendermint Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector. | 7.5 |
2021-01-26 | CVE-2021-21271 | Unspecified vulnerability in Tendermint 0.34.0/0.34.1/0.34.2 Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. | 6.5 |
2020-07-02 | CVE-2020-15091 | Improper Verification of Cryptographic Signature vulnerability in Tendermint TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. | 6.5 |
2020-04-10 | CVE-2020-5303 | Out-of-bounds Write vulnerability in Tendermint Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. | 3.7 |