CVE-2023-34450
MEDIUM5.3EPSS 0.06%Deadlock in github.com/cometbft/cometbft/consensus
發布日:2023/7/5修改日:2024/5/20
描述
An internal modification to the way PeerState is serialized to JSON introduced a deadlock when the new function MarshalJSON is called. This function can be called in two ways. The first is via logs, by setting the consensus logging module to "debug" level (which should not happen in production), and setting the log output format to JSON. The second is via RPC dump_consensus_state.
受影響套件(2)
- Go/github.com/cometbft/cometbft>= 0.34.28, < 0.34.29
- Go/github.com/cometbft/cometbft>= 0.37.1, < 0.37.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-34450
- PATCHhttps://github.com/cometbft/cometbft
- WEBhttps://github.com/cometbft/cometbft/pull/524
- WEBhttps://github.com/cometbft/cometbft/pull/863
- WEBhttps://github.com/cometbft/cometbft/pull/865
- WEBhttps://github.com/cometbft/cometbft/security/advisories/GHSA-mvj3-qrqh-cjvr