CVE-2019-25072

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-25072

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25072.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-25072

Aliases

Downstream

UBUNTU-CVE-2019-25072

Published

2022-12-27T22:15:11.323Z

Modified

2025-11-20T11:02:47.940495Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.

References

Affected packages

Git / github.com/tendermint/tendermint

Affected ranges

Type: GIT
Repo: https://github.com/tendermint/tendermint
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

03085c2da23b179c4a51f59a03cb40aa4e85a613

Affected versions

0.*

0.1

0.19.0-rc1

0.19.0-rc2

0.2

v0.*

v0.0.0

v0.0.1

v0.10.0

v0.10.0-rc1

v0.10.0-rc2

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.11.0

v0.11.1

v0.12.0

v0.12.1

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.17.1

v0.18.0

v0.18.0-autodraft

v0.19.0

v0.19.0-rc3

v0.19.0-rc4

v0.19.1

v0.19.2

v0.19.2-rc0

v0.19.3

v0.19.3-rc0

v0.19.4-rc0

v0.19.5

v0.19.5-rc0

v0.19.5-rc1

v0.19.6

v0.19.6-rc2

v0.19.7

v0.19.7-rc0

v0.19.8

v0.19.9

v0.19.9-rc0

v0.20.0

v0.20.1-rc0

v0.21.0

v0.21.0-rc0

v0.21.1-rc1

v0.22.0

v0.22.0-autodraft

v0.22.0-rc0

v0.22.0-rc1

v0.22.0-rc2

v0.22.1

v0.22.2

v0.22.2-rc0

v0.22.3

v0.22.4

v0.22.4-rc0

v0.22.5

v0.22.6

v0.22.6-rc0

v0.22.7

v0.22.8

v0.22.8-autodraft

v0.22.8-rc0

v0.23.0

v0.23.1

v0.24.0

v0.24.0-rc0

v0.25.0

v0.26.0

v0.26.0-dev0

v0.26.1

v0.26.1-rc0

v0.26.1-rc1

v0.26.2

v0.26.2-rc0

v0.26.3

v0.26.4

v0.27.0

v0.27.0-dev0

v0.27.0-dev1

v0.27.0-rc0

v0.27.0-rc1

v0.27.1

v0.27.2

v0.27.3

v0.27.4

v0.28.0

v0.28.0-beta1

v0.28.0-dev0

v0.28.1

v0.29.0

v0.29.0-beta0

v0.29.0-beta1

v0.29.0-rc0

v0.29.1

v0.29.1-rc0

v0.29.2

v0.29.2-rc0

v0.29.2-rc1

v0.29.2-rc2

v0.30.0

v0.30.0-rc0

v0.30.1

v0.30.2

v0.31.0

v0.31.0-dev0

v0.31.0-rc0

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.0

v0.9.0

v0.9.1

v0.9.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25072.json"