Auto-merge PR#3554

2025-08-04 08:44:25 +00:00 · 2020-04-10 14:30:21 -04:00 · 2020-04-10 14:30:21 -04:00 · b7ceb4f17f
commit b7ceb4f17f
parent 70721fa3fa 460428d33b
1 changed files with 87 additions and 6 deletions
--- a/2020/5xxx/CVE-2020-5303.json
+++ b/2020/5xxx/CVE-2020-5303.json
@ -1,18 +1,99 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5303",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Denial of service in Tendermint"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Tendermint",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 0.32.0, < 0.32.10"
+                                        },
+                                        {
+                                            "version_value": ">= 0.33.0, < 0.33.3"
+                                        },
+                                        {
+                                            "version_value": "< 0.31.12"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Tendermint"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability.\n\nTendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated\n(due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions.\n\nAdditionally, Tendermint does not reclaim `activeID` of a peer after it's removed in Mempool reactor.\nThis does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created\nand added to all reactors. RemovePeer is therefore called before `AddPeer`, which leads to always growing memory (`activeIDs` map).\nThe activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a\nlot of connection attempts (exploiting above denial of service), which ultimately will lead to the node panicking.\n\nThese issues are patched in Tendermint 0.33.3 and 0.32.10.\n\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in tendermint/tendermint\n* Email us at [security@tendermint.com](mailto:security@tendermint.com)\n\nMore information can be found here.\n\n### Credits\n\n- Ethan Buchman (@ebuchman) for writing a test case for Denial of Service 2 and Tess Rinearson (@tessr) for fixing it\n- Anton Kaliaev (@melekes) for fixing Denial of Service 1"
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "LOW",
+            "baseScore": 3.1,
+            "baseSeverity": "LOW",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-789: Uncontrolled Memory Allocation"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/tendermint/tendermint/security/advisories/GHSA-v24h-pjjv-mcp6",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/tendermint/tendermint/security/advisories/GHSA-v24h-pjjv-mcp6"
+            },
+            {
+                "name": "https://hackerone.com/reports/820317",
+                "refsource": "MISC",
+                "url": "https://hackerone.com/reports/820317"
+            },
+            {
+                "name": "https://github.com/tendermint/tendermint/commit/e2d6859afd7dba4cf97c7f7d412e7d8fc908d1cd",
+                "refsource": "MISC",
+                "url": "https://github.com/tendermint/tendermint/commit/e2d6859afd7dba4cf97c7f7d412e7d8fc908d1cd"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-v24h-pjjv-mcp6",
+        "discovery": "UNKNOWN"
    }
 }