Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

CVE-2021-21271 Explained : Impact and Mitigation

Discover how CVE-2021-21271 in Tendermint Core 0.34.0 to 0.34.2 enables denial of service attacks. Learn about the impact, technical details, and mitigation steps.

Tendermint Core version 0.34.0 to 0.34.2 is affected by a vulnerability that allows DoS attacks through double signs. The release of version 0.34.3 addresses this issue by changing the way DuplicateVoteEvidence is handled.

Understanding CVE-2021-21271

This CVE involves a vulnerability in Tendermint Core that could be exploited for DoS attacks in versions 0.34.0 to 0.34.2.

What is CVE-2021-21271?

CVE-2021-21271 is a security vulnerability in Tendermint Core that enables Denial of Service (DoS) attacks due to inconsistencies in forming DuplicateVoteEvidence in versions 0.34.0 to 0.34.2.

The Impact of CVE-2021-21271

The vulnerability allows malicious actors to disrupt the network by triggering double signs, potentially causing nodes to disconnect or propose invalid evidence, affecting network stability.

Technical Details of CVE-2021-21271

The vulnerability is rated with a CVSS v3.1 base score of 6.5 (Medium severity) with a network-based attack vector and high availability impact. It is classified under CWE-400 (Uncontrolled Resource Consumption).

Vulnerability Description

Tendermint Core versions 0.34.0 to 0.34.2 mishandle the formation of DuplicateVoteEvidence, leading to inconsistent timestamps and the potential for DoS attacks through double signs.

Affected Systems and Versions

The vulnerability impacts Tendermint Core versions 0.34.0 to 0.34.2.

Exploitation Mechanism

By forming DuplicateVoteEvidence with different timestamps, attackers can exploit the inconsistency to cause disruption, leading to DoS attacks.

Mitigation and Prevention

To mitigate the CVE-2021-21271 vulnerability, users are recommended to update their Tendermint Core installations to version 0.34.3.

Immediate Steps to Take

Upgrade to Tendermint Core version 0.34.3 to prevent DoS attacks leveraging this vulnerability.

Long-Term Security Practices

Regularly update to the latest versions of Tendermint Core to patch known security issues and protect the network.

Patching and Updates

Stay informed about security releases and apply patches promptly to maintain a secure deployment.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now