GHSA-HG58-RF2H-6RR7
Vulnerability from github – Published: 2024-06-28 14:33 – Updated: 2024-07-05 21:31Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7
Summary
An issue was identified for nodes syncing on an existing network during blocksync in which a malicious peer could cause the syncing peer to panic, enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. It is recommended for all clients to adopt this patch so that blocksync functions as expected and is tolerant of malicious peers presenting invalid data in this situation. Nodes that are vulnerable to this state may experience a Denial of Service condition in which syncing will not work as expected when joining a network as a client.
Recognition
This issue was reported to the Cosmos Bug Bounty Program on HackerOne on 5/01/24 by unknown_feature. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.
If you have questions about Interchain security efforts, please reach out to our official communication channel at security@interchain.io.
For more information about CometBFT, please see https://docs.cometbft.com/.
For more information about the Interchain Foundation’s engagement with Amulet, please see https://github.com/interchainio/security.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cometbft/cometbft"
},
"ranges": [
{
"events": [
{
"introduced": "0.37.0"
},
{
"fixed": "0.37.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cometbft/cometbft"
},
"ranges": [
{
"events": [
{
"introduced": "0.38.0"
},
{
"fixed": "0.38.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-28T14:33:33Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "**Name**: ASA-2024-008: Instability during blocksync when syncing from malicious peer\n**Component**: CometBFT\n**Criticality**: Medium ([ACMv1](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Moderate; L: Possible)\n**Affected versions**: \u003c v0.38.7 \n\n# Summary\n\nAn issue was identified for nodes syncing on an existing network during blocksync in which a malicious peer could cause the syncing peer to panic, enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. It is recommended for all clients to adopt this patch so that blocksync functions as expected and is tolerant of malicious peers presenting invalid data in this situation. Nodes that are vulnerable to this state may experience a Denial of Service condition in which syncing will not work as expected when joining a network as a client.\n\n# Recognition\n\nThis issue was reported to the Cosmos Bug Bounty Program on HackerOne on 5/01/24 by unknown_feature. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n\nIf you have questions about Interchain security efforts, please reach out to our official communication channel at [security@interchain.io](mailto:security@interchain.io).\n\nFor more information about CometBFT, please see https://docs.cometbft.com/.\n\nFor more information about the Interchain Foundation\u2019s engagement with Amulet, please see https://github.com/interchainio/security.\n",
"id": "GHSA-hg58-rf2h-6rr7",
"modified": "2024-07-05T21:31:45Z",
"published": "2024-06-28T14:33:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-hg58-rf2h-6rr7"
},
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/commit/07866e11139127e415bd0339ac377b6e6a845533"
},
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/commit/8ba2e4f52d5e626e019501ba6420cc86d5de7857"
},
{
"type": "PACKAGE",
"url": "https://github.com/cometbft/cometbft"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "CometBFT is unstability during blocksync when syncing from malicious peer"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.