CVE & CISA-KEV Catalog

CVE-2023-34451

HIGH
8.2
CVSS v3
NVD

Description

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo2, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node. The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPC's would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.

How to fix

Remediation Available
cometbftNVD
Affected:>= 0.37.0, < 0.37.2Fixed in:0.37.2CVE-2023-34451derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityLow
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Exploit Intelligence

0.90%probability of exploitation in 30 days
55thpercentile

Moderate risk: more likely to be exploited than 55% of all known CVEs.

References

Related Vulnerabilities

Other CWE-401 (Missing Release of Memory (Memory Leak)) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2020-13934High7.564%-Fix
CVE-2016-6304High7.563%-Fix
CVE-2019-12265Medium5.355%-Fix
CVE-2001-0136Medium5.045%--
CVE-2016-4232High7.536%--
CVE-2001-0543Medium5.021%--
Embed a live status badge for CVE-2023-34451
CVE-2023-34451 severity badge

Markdown

[![CVE-2023-34451](https://tridentstack.com/cve/badge/CVE-2023-34451.svg)](https://tridentstack.com/cve/CVE-2023-34451)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-34451"><img src="https://tridentstack.com/cve/badge/CVE-2023-34451.svg" alt="CVE-2023-34451"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.