What is CVE-2021-21369?

CVE-2021-21369 is a medium-severity vulnerability in Hyperledger Besu, classified under Uncontrolled Resource Consumption. CVSS score: 6.5/10. Published 2021-03-09.

How severe is CVE-2021-21369?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Resource exhaustion in Hyperledger Besu

CVE-2021-21369

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authenticati…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.006 (69.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Hyperledger Besu — versions < 1.5.1

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

github.com/hyperledger/besu/security/advisories/GHSA-qgfj-mjpc-7w3q (x_refsource_CONFIRM)
github.com/hyperledger/besu/blob/master/CHANGELOG.md (x_refsource_MISC)
github.com/hyperledger/besu/pull/1144 (x_refsource_MISC)
github.com/hyperledger/besu/commit/06e35a58c07a30c0fbdc0aae45a3e8b06b53c022 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-21369?: CVE-2021-21369 is a medium-severity vulnerability in Hyperledger Besu, classified under Uncontrolled Resource Consumption. CVSS score: 6.5/10. Published 2021-03-09.
How severe is CVE-2021-21369?: Medium severity. CVSS v3 base score is 6.5 out of 10.