Vulnerabilities > Tendermint

DATE CVE VULNERABILITY TITLE RISK
2022-12-27 CVE-2019-25072 Resource Exhaustion vulnerability in Tendermint
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
network
low complexity
tendermint CWE-400
7.5
2021-01-26 CVE-2021-21271 Unspecified vulnerability in Tendermint 0.34.0/0.34.1/0.34.2
Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines.
network
low complexity
tendermint
6.5
2020-07-02 CVE-2020-15091 Improper Verification of Cryptographic Signature vulnerability in Tendermint
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block.
network
low complexity
tendermint CWE-347
6.5
2020-04-10 CVE-2020-5303 Out-of-bounds Write vulnerability in Tendermint
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability.
network
high complexity
tendermint CWE-787
3.7