Uncontrolled resource consumption in github.com/tendermint/tendermint

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.

N/A

N/A

Tendermint 资源管理错误漏洞

Tendermint是美国Tendermint公司的一款Byzantine Fault Tolerant (BFT) 式中间件。 Tendermint 存在安全漏洞，该漏洞源于请求主体中支持Gzip压缩，并且没有限制响应主体大小，从而导致客户端消耗大量系统资源，这可能被用作拒绝服务向量。

N/A

N/A