CVE-2023-34451

8.2 HIGH

📋 TL;DR

CVE-2023-34451 is a memory exhaustion vulnerability in CometBFT in which a desynchronization between mempool data structures lets an attacker flood a node with duplicate transactions; the transactions accumulate and can crash the node. All CometBFT nodes running vulnerable versions are affected, particularly those that expose transaction submission RPCs.

💻 Affected Systems

Products:
  • CometBFT
  • Tendermint
Versions: All versions before v0.34.29 and v0.37.2, specifically including v0.37.0, v0.37.1, v0.34.28, and all previous releases
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Nodes with exposed transaction submission RPC endpoints are the most vulnerable. Full nodes are the primary targets.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete node crash and denial of service, disrupting blockchain consensus and network availability for extended periods until manual restart.

🟠

Likely Case

Progressive memory exhaustion leading to degraded node performance, transaction processing delays, and eventual node unresponsiveness requiring restart.

🟢

If Mitigated

Minimal impact with proper network segmentation and rate limiting, though some performance degradation may still occur under heavy attack.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the ability to submit transactions to a vulnerable node, either via RPC or from a malicious peer node.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.34.29 and v0.37.2

Vendor Advisory: https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm

Restart Required: Yes

Instructions:

1. Back up configuration and data.
2. Stop the CometBFT service.
3. Update to v0.34.29 or v0.37.2 using the package manager or a manual installation.
4. Restart the service and verify functionality.

🔧 Temporary Workarounds

Increase cache_size (applies to: all)

A larger cache makes an effective attack harder, since it demands more resources from the attacker.

Edit config.toml and raise the cache_size value significantly.

Restrict RPC access (applies to: all)

Limit transaction submission RPC endpoints to trusted networks only.

Configure RPC firewall rules or use network segmentation.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate transaction submission endpoints
  • Deploy rate limiting and transaction filtering at network perimeter

🔍 How to Verify

Check if Vulnerable:

Check CometBFT version (a match means an affected 0.34.x or 0.37.x release; releases older than 0.34 are affected as well): cometbft version | grep -E '(^|[^0-9.])0\.(34\.([0-9]|1[0-9]|2[0-8])|37\.[01])($|[^0-9])'

Check Version:

cometbft version

Verify Fix Applied:

Confirm the reported version is v0.34.29, v0.37.2, or later: cometbft version
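As an added check for the version step above (example script, not from the advisory or the CometBFT project): the function classifies a version string against the affected ranges this page lists, and the trailing block runs it against a local binary, assuming (not confirmed on this page) that the first line of `cometbft version` is the bare version string.

```shell
#!/bin/sh
# Added example: classify a CometBFT/Tendermint version against CVE-2023-34451.
# Fixed releases are v0.34.29 and v0.37.2; the page states every earlier
# release (including 0.35.x/0.36.x and pre-0.34 Tendermint) is affected.

# Core check. Exit status: 0 = affected, 1 = fixed, 2 = unparseable.
cometbft_34451_affected() {
    v=${1#v}                       # tolerate a leading "v" (v0.37.1)
    v=${v%%-*}                     # drop pre-release suffixes such as -rc1
    case "$v" in
        ""|*[!0-9.]*) return 2 ;;  # not a dotted numeric version
    esac
    major=${v%%.*}
    rest=${v#*.}
    [ "$rest" = "$v" ] && rest=0          # bare "1" -> minor 0
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0     # "0.37" -> patch 0
    patch=${patch%%.*}                    # ignore any fourth component

    [ "$major" -gt 0 ] && return 1        # 1.x and later postdate the fix
    if [ "$minor" -eq 34 ]; then
        [ "$patch" -lt 29 ] && return 0 || return 1
    elif [ "$minor" -eq 37 ]; then
        [ "$patch" -lt 2 ] && return 0 || return 1
    elif [ "$minor" -lt 37 ]; then
        return 0                          # 0.33.x, 0.35.x, 0.36.x: no fixed release
    fi
    return 1                              # 0.38.x and later
}

# Human-readable wrapper: prints affected / fixed / unknown, always exits 0.
cometbft_34451_status() {
    cometbft_34451_affected "$1" && rc=0 || rc=$?
    case $rc in
        0) echo affected ;;
        1) echo fixed ;;
        *) echo unknown ;;
    esac
}

# Run against the local binary when one is on PATH (assumption: the first
# line of `cometbft version` is the bare version string).
if command -v cometbft >/dev/null 2>&1; then
    ver=$(cometbft version 2>/dev/null | head -n 1)
    printf '%s: %s\n' "$ver" "$(cometbft_34451_status "$ver")"
fi
```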

📡 Detection & Monitoring

Log Indicators:

  • Unusual transaction duplication in mempool logs
  • Increasing memory usage without corresponding block commits
  • Repeated transaction processing errors

Network Indicators:

  • High volume of identical transactions from single sources
  • Abnormal P2P traffic patterns

SIEM Query:

source="cometbft" AND ("duplicate transaction" OR "mempool full" OR memory>threshold)
