CVE-2019-25072

CVSS V2 None CVSS V3 None

Description

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.

Overview

CVE ID
CVE-2019-25072

Assigner
security@golang.org

Vulnerability Status
Analyzed

Published Version
2022-12-27T22:15:11

Last Modified Date
2023-01-06T16:42:24

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:tendermint:tendermint::::::::	1	OR		0.31.1

References

Reference URL	Reference Tags
https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613
https://github.com/tendermint/tendermint/pull/3430
https://pkg.go.dev/vuln/GO-2020-0037

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2019-25072
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25072

History

Created	Old Value	New Value	Data Type	Notes
2022-12-27 23:14:48				Added to TrackCVE
2022-12-27 23:14:50			Weakness Enumeration	new
2022-12-28 12:14:45		2022-12-28T10:18:56	CVE Modified Date	updated
2022-12-28 12:14:45	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-04 16:17:13	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-06 18:21:55		2023-01-06T16:42:24	CVE Modified Date	updated
2023-01-06 18:21:55	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-06 18:21:56			CPE Information	updated