CVE-2023-36815

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jul 3, 2023
Updated: Jul 10, 2023
CWE ID 862

Summary

CVE-2023-34450 is a vulnerability affecting CometBFT, a Byzantine Fault Tolerant middleware. In versions 0.34.28 and 0.37.1, an internal modification to the way `PeerState` is serialized to JSON introduced a deadlock when the `MarshalJSON` function is called. This function can be triggered from logs or from RPC requests.

In the first scenario, setting the logging module to "debug" level and the output format to JSON can deadlock most goroutines, effectively halting the node. In the second scenario, only the data structures related to the first peer are deadlocked, along with the threads handling RPC requests. This means that only one channel of communication to the node's peers is blocked, and the peer will eventually time out and be excluded from the list.

The theoretical worst-case scenario involves a network with only two validator nodes, each holding only one `PeerState` struct. Calling the `dump_consensus_state` RPC on either node results in a deadlock, causing the chain to halt until the peer connections time out. After the nodes reconnect, the process can be repeated.

This issue was resolved in versions 0.34.29 and 0.37.2. To mitigate the risk, users should avoid setting the log output to JSON or the consensus logging module to "debug" level in production. The RPC endpoint should not be exposed to the public internet.
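The bug class described above, as an added example that is not CometBFT's code: a `MarshalJSON` method that deadlocks on every call, next to a corrected form. The summary does not state the mechanism, so the re-entrant locking shown here is an assumption, and `buggyPeer`, `fixedPeer` and `marshalWithTimeout` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sync"
	"time"
)

// buggyPeer: hypothetical mutex-guarded record, not CometBFT's PeerState.
type buggyPeer struct {
	mtx    sync.Mutex
	Height int64 `json:"height"`
}

// Holds mtx, then passes the same pointer to the encoder, which calls
// MarshalJSON again; sync.Mutex is not re-entrant, so the second Lock blocks.
func (p *buggyPeer) MarshalJSON() ([]byte, error) {
	p.mtx.Lock()
	defer p.mtx.Unlock()
	return json.Marshal(p)
}

// fixedPeer has the same fields but its own method set.
type fixedPeer buggyPeer

func (p *fixedPeer) MarshalJSON() ([]byte, error) {
	p.mtx.Lock()
	defer p.mtx.Unlock()
	type plain fixedPeer // same fields, no MarshalJSON: encoder cannot re-enter
	return json.Marshal((*plain)(p))
}

// marshalWithTimeout reports ok=false if encoding v has not finished within d.
func marshalWithTimeout(v interface{}, d time.Duration) ([]byte, bool) {
	done := make(chan []byte, 1)
	go func() { b, _ := json.Marshal(v); done <- b }()
	select {
	case b := <-done:
		return b, true
	case <-time.After(d):
		return nil, false // the encoding goroutine stays blocked on mtx
	}
}

func main() {
	_, okBuggy := marshalWithTimeout(&buggyPeer{Height: 5}, 200*time.Millisecond)
	b, okFixed := marshalWithTimeout(&fixedPeer{Height: 5}, time.Second)
	fmt.Println("buggy finished:", okBuggy, "| fixed finished:", okFixed, string(b))
}
```

Any code path that serializes the value, such as a JSON-format logger or an RPC handler returning it, blocks the calling goroutine in the same way.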
