- data/reports/GO-2024-3112.yaml Fixes #3112 Change-Id: I8994a6237e57ed892704ca4841a1ad8ed28090e1 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/613258 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Showing
2 changed files
with
545 additions
and
0 deletions.
@@ -0,0 +1,298 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3112", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"GHSA-g5xx-c4hv-9ccc" | ||
], | ||
"summary": "CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft", | ||
"details": "CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/cometbft/cometbft", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0.37.0" | ||
}, | ||
{ | ||
"fixed": "0.37.11" | ||
}, | ||
{ | ||
"introduced": "0.38.0" | ||
}, | ||
{ | ||
"fixed": "0.38.12" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": { | ||
"imports": [ | ||
{ | ||
"path": "github.com/cometbft/cometbft/light", | ||
"symbols": [ | ||
"Client.TrustedLightBlock", | ||
"Client.Update", | ||
"Client.VerifyHeader", | ||
"Client.VerifyLightBlockAtHeight", | ||
"Client.compareFirstHeaderWithWitnesses", | ||
"Client.compareNewHeaderWithWitness", | ||
"Client.detectDivergence", | ||
"Client.findNewPrimary", | ||
"Client.initializeWithTrustOptions", | ||
"ErrInvalidHeader.Error", | ||
"ErrNewValSetCantBeTrusted.Error", | ||
"ErrOldHeaderExpired.Error", | ||
"ErrVerificationFailed.Error", | ||
"NewClient", | ||
"NewClientFromTrustedStore", | ||
"NewHTTPClient", | ||
"NewHTTPClientFromTrustedStore", | ||
"TrustOptions.ValidateBasic", | ||
"ValidateTrustLevel", | ||
"Verify", | ||
"VerifyAdjacent", | ||
"VerifyBackwards", | ||
"VerifyNonAdjacent", | ||
"errBadWitness.Error", | ||
"errConflictingHeaders.Error" | ||
] | ||
}, | ||
{ | ||
"path": "github.com/cometbft/cometbft/types", | ||
"symbols": [ | ||
"ABCIParams.VoteExtensionsEnabled", | ||
"Block.Hash", | ||
"Block.HashesTo", | ||
"Block.MakePartSet", | ||
"Block.Size", | ||
"Block.String", | ||
"Block.StringIndented", | ||
"Block.StringShort", | ||
"Block.ToProto", | ||
"Block.ValidateBasic", | ||
"BlockFromProto", | ||
"BlockID.Key", | ||
"BlockID.String", | ||
"BlockID.ValidateBasic", | ||
"BlockIDFromProto", | ||
"BlockMeta.ValidateBasic", | ||
"BlockMetaFromProto", | ||
"BlockMetaFromTrustedProto", | ||
"CanonicalTime", | ||
"CanonicalizeBlockID", | ||
"CanonicalizeProposal", | ||
"CanonicalizeVote", | ||
"Commit.GetVote", | ||
"Commit.Hash", | ||
"Commit.StringIndented", | ||
"Commit.ToVoteSet", | ||
"Commit.ValidateBasic", | ||
"Commit.VoteSignBytes", | ||
"CommitFromProto", | ||
"CommitSig.BlockID", | ||
"CommitSig.FromProto", | ||
"CommitSig.String", | ||
"CommitSig.ValidateBasic", | ||
"ConsensusParams.ValidateBasic", | ||
"ConsensusParams.ValidateUpdate", | ||
"Data.StringIndented", | ||
"DuplicateVoteEvidence.Bytes", | ||
"DuplicateVoteEvidence.Hash", | ||
"DuplicateVoteEvidence.String", | ||
"DuplicateVoteEvidence.ValidateBasic", | ||
"DuplicateVoteEvidenceFromProto", | ||
"ErrEvidenceOverflow.Error", | ||
"ErrInvalidCommitHeight.Error", | ||
"ErrInvalidCommitSignatures.Error", | ||
"ErrInvalidEvidence.Error", | ||
"ErrNotEnoughVotingPowerSigned.Error", | ||
"ErrVoteConflictingVotes.Error", | ||
"ErrVoteExtensionInvalid.Error", | ||
"EventBus.OnStart", | ||
"EventBus.OnStop", | ||
"EventBus.PublishEventNewBlock", | ||
"EventBus.PublishEventNewBlockEvents", | ||
"EventBus.PublishEventTx", | ||
"EventQueryTxFor", | ||
"EvidenceData.ByteSize", | ||
"EvidenceData.FromProto", | ||
"EvidenceData.Hash", | ||
"EvidenceData.StringIndented", | ||
"EvidenceData.ToProto", | ||
"EvidenceFromProto", | ||
"EvidenceList.Has", | ||
"EvidenceList.Hash", | ||
"EvidenceList.String", | ||
"EvidenceToProto", | ||
"ExtendedCommit.EnsureExtensions", | ||
"ExtendedCommit.GetByIndex", | ||
"ExtendedCommit.GetExtendedVote", | ||
"ExtendedCommit.ToExtendedVoteSet", | ||
"ExtendedCommit.ValidateBasic", | ||
"ExtendedCommitFromProto", | ||
"ExtendedCommitSig.EnsureExtension", | ||
"ExtendedCommitSig.FromProto", | ||
"ExtendedCommitSig.String", | ||
"ExtendedCommitSig.ValidateBasic", | ||
"GenesisDoc.SaveAs", | ||
"GenesisDoc.ValidateAndComplete", | ||
"GenesisDoc.ValidatorHash", | ||
"GenesisDocFromFile", | ||
"GenesisDocFromJSON", | ||
"Header.Hash", | ||
"Header.StringIndented", | ||
"Header.ValidateBasic", | ||
"HeaderFromProto", | ||
"LightBlock.String", | ||
"LightBlock.StringIndented", | ||
"LightBlock.ToProto", | ||
"LightBlock.ValidateBasic", | ||
"LightBlockFromProto", | ||
"LightClientAttackEvidence.Bytes", | ||
"LightClientAttackEvidence.Hash", | ||
"LightClientAttackEvidence.String", | ||
"LightClientAttackEvidence.ToProto", | ||
"LightClientAttackEvidence.ValidateBasic", | ||
"LightClientAttackEvidenceFromProto", | ||
"MakeBlock", | ||
"MakeExtCommit", | ||
"MakeVote", | ||
"MakeVoteNoError", | ||
"MaxDataBytes", | ||
"MaxDataBytesNoEvidence", | ||
"MockPV.SignProposal", | ||
"MockPV.SignVote", | ||
"MockPV.String", | ||
"NewBlockMeta", | ||
"NewDuplicateVoteEvidence", | ||
"NewErroringMockPV", | ||
"NewMockDuplicateVoteEvidence", | ||
"NewMockDuplicateVoteEvidenceWithValidator", | ||
"NewMockPV", | ||
"NewValidatorSet", | ||
"Part.String", | ||
"Part.StringIndented", | ||
"Part.ValidateBasic", | ||
"PartFromProto", | ||
"PartSet.AddPart", | ||
"PartSet.MarshalJSON", | ||
"PartSet.StringShort", | ||
"PartSetHeader.String", | ||
"PartSetHeader.ValidateBasic", | ||
"PartSetHeaderFromProto", | ||
"Proposal.String", | ||
"Proposal.ValidateBasic", | ||
"ProposalFromProto", | ||
"ProposalSignBytes", | ||
"QueryForEvent", | ||
"RandValidator", | ||
"RandValidatorSet", | ||
"SignAndCheckVote", | ||
"SignedHeader.String", | ||
"SignedHeader.StringIndented", | ||
"SignedHeader.ValidateBasic", | ||
"SignedHeaderFromProto", | ||
"Tx.String", | ||
"TxProof.Validate", | ||
"TxProofFromProto", | ||
"Txs.Validate", | ||
"ValidateHash", | ||
"Validator.Bytes", | ||
"Validator.String", | ||
"Validator.ToProto", | ||
"Validator.ValidateBasic", | ||
"ValidatorFromProto", | ||
"ValidatorListString", | ||
"ValidatorSet.CopyIncrementProposerPriority", | ||
"ValidatorSet.GetProposer", | ||
"ValidatorSet.Hash", | ||
"ValidatorSet.IncrementProposerPriority", | ||
"ValidatorSet.Iterate", | ||
"ValidatorSet.String", | ||
"ValidatorSet.StringIndented", | ||
"ValidatorSet.ToProto", | ||
"ValidatorSet.TotalVotingPower", | ||
"ValidatorSet.UpdateWithChangeSet", | ||
"ValidatorSet.ValidateBasic", | ||
"ValidatorSet.VerifyCommit", | ||
"ValidatorSet.VerifyCommitLight", | ||
"ValidatorSet.VerifyCommitLightAllSignatures", | ||
"ValidatorSet.VerifyCommitLightTrusting", | ||
"ValidatorSet.VerifyCommitLightTrustingAllSignatures", | ||
"ValidatorSet.findProposer", | ||
"ValidatorSetFromExistingValidators", | ||
"ValidatorSetFromProto", | ||
"VerifyCommit", | ||
"VerifyCommitLight", | ||
"VerifyCommitLightAllSignatures", | ||
"VerifyCommitLightTrusting", | ||
"VerifyCommitLightTrustingAllSignatures", | ||
"Vote.CommitSig", | ||
"Vote.ExtendedCommitSig", | ||
"Vote.String", | ||
"Vote.ValidateBasic", | ||
"Vote.Verify", | ||
"Vote.VerifyExtension", | ||
"Vote.VerifyVoteAndExtension", | ||
"VoteExtensionSignBytes", | ||
"VoteFromProto", | ||
"VoteSet.AddVote", | ||
"VoteSet.BitArrayByBlockID", | ||
"VoteSet.BitArrayString", | ||
"VoteSet.HasAll", | ||
"VoteSet.HasTwoThirdsAny", | ||
"VoteSet.LogString", | ||
"VoteSet.MakeExtendedCommit", | ||
"VoteSet.MarshalJSON", | ||
"VoteSet.SetPeerMaj23", | ||
"VoteSet.String", | ||
"VoteSet.StringIndented", | ||
"VoteSet.StringShort", | ||
"VoteSet.VoteStrings", | ||
"VoteSignBytes" | ||
] | ||
} | ||
], | ||
"custom_ranges": [ | ||
{ | ||
"type": "ECOSYSTEM", | ||
"events": [ | ||
{ | ||
"introduced": "0.34.0" | ||
}, | ||
{ | ||
"fixed": "0.34.34" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/cometbft/cometbft/commit/3937e00a339ee6b861d75997b4f6c87d867b74f2" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/cometbft/cometbft/commit/52c00a537f8f56ed94b4a5c8af6e3fecff468b55" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3112", | ||
"review_status": "REVIEWED" | ||
} | ||
} |
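Review bot: The `details` field is a verbatim copy of `summary`, so the record gives no description of the state-sync issue, its preconditions or any mitigation besides the fixed versions; it should carry a short description drawn from the referenced advisory GHSA-g5xx-c4hv-9ccc. The summary also ends in a bare module path, and `... may lead to a chain split in github.com/cometbft/cometbft` would read correctly. The 0.34.0–0.34.34 range appears only under `custom_ranges` with type `ECOSYSTEM`, so a scanner that reads only the `SEMVER` events would presumably not match 0.34.x; worth confirming that is intended. If this JSON is derived from the report YAML named in the commit message, the changes belong in that file.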