CVE-2019-25072

Summary

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.

Affected Software

VendorProductVersion RangeStatus
github.com/tendermint/tendermintgithub.com/tendermint/tendermint/rpc/lib/client0 < 0.31.1affected

Weaknesses

  • CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References