CVE-2019-25072

Published: Dec 27, 2022

Modified: Apr 11, 2025

PUBLISHED

Description

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.

Vendor	Product	Versions
github.com/tendermint/tendermint	github.com/tendermint/tendermint/rpc/lib/client	affected `0 - < 0.31.1`

References

https://github.com/tendermint/tendermint/pull/3430

https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613

https://pkg.go.dev/vuln/GO-2020-0037

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-25072

Description

Affected Products

References