CVE-2019-25072
HIGH
Tendermint <= 0.31.1 - Denial of Service via Gzip Compression
Title source: llm
Description
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
References (3)
Core References
Patch, Third Party Advisory
https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613
Third Party Advisory
https://github.com/tendermint/tendermint/pull/3430
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0037
Scores
CVSS v3: 7.5
EPSS: 0.0113
EPSS Percentile: 62.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-400
Status: published
Products (2)
tendermint/tendermint: < 0.31.1
tendermint/tendermint: 0 - 0.31.1 (Go)
Published: Dec 27, 2022
Tracked Since: Feb 18, 2026