8.2
HIGH
CVE-2023-34451
"CometBFT Mempool Duplicates Encouragement Vulnerability"
Description

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo2, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node. The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPC's would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.

INFO

Published Date :

July 3, 2023, 5:15 p.m.

Last Modified :

Nov. 21, 2024, 8:07 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

4.2

Exploitability Score :

3.9
Affected Products

The following products are affected by CVE-2023-34451 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cometbft cometbft
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-34451.

URL Resource
https://github.com/cometbft/cometbft/pull/890 Exploit Issue Tracking Patch
https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm Exploit Mitigation Vendor Advisory
https://github.com/tendermint/tendermint/pull/2778 Issue Tracking Patch
https://github.com/cometbft/cometbft/pull/890 Exploit Issue Tracking Patch
https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm Exploit Mitigation Vendor Advisory
https://github.com/tendermint/tendermint/pull/2778 Issue Tracking Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-34451 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-34451 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://github.com/cometbft/cometbft/pull/890
    Added Reference https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm
    Added Reference https://github.com/tendermint/tendermint/pull/2778
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jul. 17, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
    Changed Reference Type https://github.com/cometbft/cometbft/pull/890 No Types Assigned https://github.com/cometbft/cometbft/pull/890 Exploit, Issue Tracking, Patch
    Changed Reference Type https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm No Types Assigned https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm Exploit, Mitigation, Vendor Advisory
    Changed Reference Type https://github.com/tendermint/tendermint/pull/2778 No Types Assigned https://github.com/tendermint/tendermint/pull/2778 Issue Tracking, Patch
    Added CWE NIST CWE-401
    Added CPE Configuration OR *cpe:2.3:a:cometbft:cometbft:*:*:*:*:*:*:*:* versions from (including) 0.34.28 up to (excluding) 0.34.29 *cpe:2.3:a:cometbft:cometbft:*:*:*:*:*:*:*:* versions from (including) 0.37.0 up to (excluding) 0.37.2
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-34451 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-34451 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.24 }} -0.20%

score

0.46434

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Jun. 28, 2025 1:22