Vulnerability Report: GO-2023-1883

CVE-2023-34451, GHSA-w24w-wp77-qffm
Affects: github.com/cometbft/cometbft
Published: Jul 13, 2023
Modified: May 20, 2024

A bug in the CometBFT middleware causes the mempool's two data structures to fall out of sync. This can lead to duplicate transactions that cannot be removed, even after they are committed in a block. The only way to remove the transaction is to restart the node. This can be exploited by an attacker to bring down a node by repeatedly submitting duplicate transactions.

For detailed information about this vulnerability, visit https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm.

Affected Packages

Path

Go Versions

Symbols
github.com/cometbft/cometbft/mempool/v0

before v0.37.2
- CListMempool.CheckTx
- Reactor.ReceiveEnvelope

Aliases

CVE-2023-34451
GHSA-w24w-wp77-qffm

References

https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm
https://github.com/cometbft/cometbft/pull/890
https://github.com/tendermint/tendermint/pull/2778
https://vuln.go.dev/ID/GO-2023-1883.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL