Denial Of Service (DoS)
Description

github.com/cometbft/cometbft is vulnerable to Denial of Service (DoS) attacks. Serializing the struct `PeerState` to JSON with the new method `MarshallJSON` introduces a deadlock. One way to reach it is via logs, by setting the `consensus` module to `debug` level and changing the output format to JSON. Alternatively, the RPC `dump_consensus_state` will eventually hit the deadlock, stopping the node and causing the application to crash.
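The advisory does not show the code path, so the following is an added illustration, not CometBFT's code: it assumes the common pattern in which a caller already holds a struct's mutex when Go's `json.Marshal` invokes a `MarshalJSON` method that takes the same lock. The names `peerState`, `dumpLocked`, `dumpSafe` and `finishes` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sync"
	"time"
)

// peerState is a hypothetical mutex-guarded struct, not CometBFT's PeerState.
type peerState struct {
	mtx    sync.Mutex
	Height int64 `json:"height"`
}

// MarshalJSON takes the lock so the encoder sees a consistent snapshot.
func (ps *peerState) MarshalJSON() ([]byte, error) {
	ps.mtx.Lock()
	defer ps.mtx.Unlock()
	type plain peerState // alias has no methods, so json.Marshal does not recurse
	return json.Marshal((*plain)(ps))
}

// dumpLocked (assumed bug shape): the lock is already held when json.Marshal calls MarshalJSON.
func (ps *peerState) dumpLocked() ([]byte, error) {
	ps.mtx.Lock()
	defer ps.mtx.Unlock()
	return json.Marshal(ps) // sync.Mutex is not reentrant: blocks forever
}

// dumpSafe leaves locking to MarshalJSON alone.
func (ps *peerState) dumpSafe() ([]byte, error) { return json.Marshal(ps) }

// finishes reports whether fn returns within d; false means the goroutine is stuck.
func finishes(fn func() ([]byte, error), d time.Duration) bool {
	done := make(chan struct{})
	go func() { fn(); close(done) }()
	select {
	case <-done:
		return true
	case <-time.After(d):
		return false
	}
}

func main() {
	ps := &peerState{Height: 7}
	fmt.Println("safe:", finishes(ps.dumpSafe, time.Second), "lock held:", finishes(ps.dumpLocked, time.Second))
}
```

A watchdog of this shape around JSON logging and state-dump handlers turns a silent hang into a detectable timeout while an upgrade is pending.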
