
github.com/cometbft/cometbft vulnerabilities

3 known vulnerabilities affecting github.com/cometbft_cometbft.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2023-34451 | Priority: P3 | Severity: HIGH | Affected: ≥ 0, < 0.34.29; ≥ 0.37.0, < 0.37.2 | Published: 2023-07-05
CVE-2023-34451 [HIGH] CWE-401: CometBFT may duplicate transactions in the mempool's data structures. Impact: The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time, in the sense that the map tracks the index (if any) of the transaction in the list. Unfortunately, it is possible to have them out of sync. When this
Sources: GHSA, OSV
CVE-2025-24371 | Priority: P3 | Severity: MEDIUM | Affected: ≥ 1.0.0-alpha.1, < 1.0.1; ≥ 0, < 0.38.17 | Published: 2025-02-03
CVE-2025-24371 [MEDIUM] CWE-703: CometBFT allows a malicious peer to make node stuck in blocksync. Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync. Component: CometBFT [OUTDATED]. Criticality: Medium (Considerable Impact; Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md)). **Update of Criticality on 2026-03-06**: We've made a mist
Sources: GHSA, OSV
CVE-2023-34450 | Priority: P4 | Severity: MEDIUM | Affected: ≥ 0.34.28, < 0.34.29; ≥ 0.37.1, < 0.37.2 | Published: 2023-07-05
CVE-2023-34450 [MEDIUM] CWE-401: CometBFT PeerState JSON serialization deadlock. Impact: An internal modification to the way struct `PeerState` is serialized to JSON introduced a deadlock when the new function `MarshalJSON` is called. This function can be called from two places: 1. Via logs: setting the `consensus` logging module to "debug" level (should not happen in production), and setting the log output format to JSON. 2. Via RPC `dump_consensus
Sources: GHSA, OSV