Vulnerabilities > Tendermint

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-27	CVE-2019-25072	Resource Exhaustion vulnerability in Tendermint Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector. network low complexity tendermint CWE-400	7.5
2021-01-26	CVE-2021-21271	Resource Exhaustion vulnerability in Tendermint 0.34.0/0.34.1/0.34.2 Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. network low complexity tendermint CWE-400	4.0
2020-07-02	CVE-2020-15091	Improper Verification of Cryptographic Signature vulnerability in Tendermint TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. network low complexity tendermint CWE-347	4.0
2020-04-10	CVE-2020-5303	Out-of-bounds Write vulnerability in Tendermint Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. network tendermint CWE-787	4.3

Vulnerabilities > Tendermint {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Tendermint"}]}