| { |
| "schema_version": "1.3.1", |
| "id": "GO-2023-1883", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2023-34451", |
| "GHSA-w24w-wp77-qffm" |
| ], |
| "summary": "Denial of service via OOM in github.com/cometbft/cometbft", |
| "details": "A bug in the CometBFT middleware causes the mempool's two data structures to fall out of sync. This can lead to duplicate transactions that cannot be removed, even after they are committed in a block. The only way to remove the transaction is to restart the node. This can be exploited by an attacker to bring down a node by repeatedly submitting duplicate transactions.", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/cometbft/cometbft", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.37.2" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/cometbft/cometbft/mempool/v0", |
| "symbols": [ |
| "CListMempool.CheckTx", |
| "CListMempool.resCbFirstTime", |
| "Reactor.ReceiveEnvelope" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "ADVISORY", |
| "url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/cometbft/cometbft/pull/890" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/tendermint/tendermint/pull/2778" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2023-1883", |
| "review_status": "REVIEWED" |
| } |
| } |