PT-2023-24887 · Cometbft · Cometbft

Otrack · Published 2023-07-03 · Updated 2023-07-17 · CVE-2023-34451

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

CometBFT versions v0.34.28 and prior, v0.37.0, v0.37.1

Description

The mempool in CometBFT maintains two data structures, a list and a map, to track outstanding transactions. These data structures are supposed to be in sync, with the map tracking the index of the transaction in the list. However, in affected versions, it is possible for these data structures to fall out of sync, leading to duplicate transactions that cannot be removed, even after they are committed in a block. The only way to remove the transaction is by restarting the node. This issue can be exploited by an attacker to bring down a node by repeatedly submitting duplicate transactions.

Recommendations

For versions v0.34.28 and prior, update to version v0.34.29 or later. For versions v0.37.0 and v0.37.1, update to version v0.37.2 or later. As a temporary workaround, consider increasing the value of cache size in config.toml to make it difficult to effectively attack a full node. Restrict access to the transaction submission RPCs to minimize the risk of exploitation.
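
A triage helper for the recommendations above, added here as an example and not taken from the advisory or the CometBFT project: `Affected` encodes the version ranges listed on this page, and `MempoolCacheSize` reads the workaround setting from a config.toml. The `[mempool]` section and `cache_size` key are how CometBFT's config file spells the "cache size" setting and are not written out on this page; the function names and the sample input are made up for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Affected reports whether version is in the advisory's affected set:
// v0.34.28 and prior, v0.37.0, v0.37.1. Anything that is not a plain
// vX.Y.Z string (for example a pre-release tag) is returned as an error.
func Affected(version string) (bool, error) {
	parts := strings.Split(strings.TrimPrefix(strings.TrimSpace(version), "v"), ".")
	n := make([]int, len(parts))
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || len(parts) != 3 {
			return false, fmt.Errorf("unrecognised version %q", version)
		}
		n[i] = v
	}
	return n[0] == 0 && (n[1] < 34 || (n[1] == 34 && n[2] <= 28) || (n[1] == 37 && n[2] <= 1)), nil
}

// MempoolCacheSize returns the cache_size value from the [mempool] section
// of a config.toml (key name is an assumption, see the lead-in).
func MempoolCacheSize(toml string) (int, bool) {
	section := ""
	for _, raw := range strings.Split(toml, "\n") {
		line := strings.TrimSpace(strings.Split(raw, "#")[0]) // drop comments
		if strings.HasPrefix(line, "[") {
			section = strings.Trim(line, "[] ")
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if ok && section == "mempool" && strings.TrimSpace(key) == "cache_size" {
			n, err := strconv.Atoi(strings.TrimSpace(val))
			return n, err == nil
		}
	}
	return 0, false
}

func main() {
	// Constructed sample input, not taken from a real node.
	cfg := "[mempool]\nsize = 5000\ncache_size = 10000\n"
	hit, err := Affected("v0.37.1")
	size, ok := MempoolCacheSize(cfg)
	fmt.Println("affected:", hit, err, "| mempool cache_size:", size, ok)
}
```
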

Exploit

Fix

Memory Leak

Weakness Enumeration

Related Identifiers

CVE-2023-34451
GHSA-W24W-WP77-QFFM
GO-2023-1883

Affected Products

Cometbft