Headline
GHSA-3fm3-m23v-5r46: Tendermint Client package vulnerable to Uncontrolled Resource Consumption
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
Tendermint Client package vulnerable to Uncontrolled Resource Consumption
High severity GitHub Reviewed Published Dec 28, 2022 • Updated Dec 30, 2022
Related news
CVE-2019-25072: rpc: client disable compression (#3430) · tendermint/tendermint@03085c2
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.