-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- data/reports/GO-2024-3112.yaml Fixes #3112 Change-Id: I8994a6237e57ed892704ca4841a1ad8ed28090e1 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/613258 Auto-Submit: Tatiana Bradley <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]>
- Loading branch information
Showing
2 changed files
with
545 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,298 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3112", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "GHSA-g5xx-c4hv-9ccc" | ||
| ], | ||
| "summary": "CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft", | ||
| "details": "CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/cometbft/cometbft", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0.37.0" | ||
| }, | ||
| { | ||
| "fixed": "0.37.11" | ||
| }, | ||
| { | ||
| "introduced": "0.38.0" | ||
| }, | ||
| { | ||
| "fixed": "0.38.12" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": { | ||
| "imports": [ | ||
| { | ||
| "path": "github.com/cometbft/cometbft/light", | ||
| "symbols": [ | ||
| "Client.TrustedLightBlock", | ||
| "Client.Update", | ||
| "Client.VerifyHeader", | ||
| "Client.VerifyLightBlockAtHeight", | ||
| "Client.compareFirstHeaderWithWitnesses", | ||
| "Client.compareNewHeaderWithWitness", | ||
| "Client.detectDivergence", | ||
| "Client.findNewPrimary", | ||
| "Client.initializeWithTrustOptions", | ||
| "ErrInvalidHeader.Error", | ||
| "ErrNewValSetCantBeTrusted.Error", | ||
| "ErrOldHeaderExpired.Error", | ||
| "ErrVerificationFailed.Error", | ||
| "NewClient", | ||
| "NewClientFromTrustedStore", | ||
| "NewHTTPClient", | ||
| "NewHTTPClientFromTrustedStore", | ||
| "TrustOptions.ValidateBasic", | ||
| "ValidateTrustLevel", | ||
| "Verify", | ||
| "VerifyAdjacent", | ||
| "VerifyBackwards", | ||
| "VerifyNonAdjacent", | ||
| "errBadWitness.Error", | ||
| "errConflictingHeaders.Error" | ||
| ] | ||
| }, | ||
| { | ||
| "path": "github.com/cometbft/cometbft/types", | ||
| "symbols": [ | ||
| "ABCIParams.VoteExtensionsEnabled", | ||
| "Block.Hash", | ||
| "Block.HashesTo", | ||
| "Block.MakePartSet", | ||
| "Block.Size", | ||
| "Block.String", | ||
| "Block.StringIndented", | ||
| "Block.StringShort", | ||
| "Block.ToProto", | ||
| "Block.ValidateBasic", | ||
| "BlockFromProto", | ||
| "BlockID.Key", | ||
| "BlockID.String", | ||
| "BlockID.ValidateBasic", | ||
| "BlockIDFromProto", | ||
| "BlockMeta.ValidateBasic", | ||
| "BlockMetaFromProto", | ||
| "BlockMetaFromTrustedProto", | ||
| "CanonicalTime", | ||
| "CanonicalizeBlockID", | ||
| "CanonicalizeProposal", | ||
| "CanonicalizeVote", | ||
| "Commit.GetVote", | ||
| "Commit.Hash", | ||
| "Commit.StringIndented", | ||
| "Commit.ToVoteSet", | ||
| "Commit.ValidateBasic", | ||
| "Commit.VoteSignBytes", | ||
| "CommitFromProto", | ||
| "CommitSig.BlockID", | ||
| "CommitSig.FromProto", | ||
| "CommitSig.String", | ||
| "CommitSig.ValidateBasic", | ||
| "ConsensusParams.ValidateBasic", | ||
| "ConsensusParams.ValidateUpdate", | ||
| "Data.StringIndented", | ||
| "DuplicateVoteEvidence.Bytes", | ||
| "DuplicateVoteEvidence.Hash", | ||
| "DuplicateVoteEvidence.String", | ||
| "DuplicateVoteEvidence.ValidateBasic", | ||
| "DuplicateVoteEvidenceFromProto", | ||
| "ErrEvidenceOverflow.Error", | ||
| "ErrInvalidCommitHeight.Error", | ||
| "ErrInvalidCommitSignatures.Error", | ||
| "ErrInvalidEvidence.Error", | ||
| "ErrNotEnoughVotingPowerSigned.Error", | ||
| "ErrVoteConflictingVotes.Error", | ||
| "ErrVoteExtensionInvalid.Error", | ||
| "EventBus.OnStart", | ||
| "EventBus.OnStop", | ||
| "EventBus.PublishEventNewBlock", | ||
| "EventBus.PublishEventNewBlockEvents", | ||
| "EventBus.PublishEventTx", | ||
| "EventQueryTxFor", | ||
| "EvidenceData.ByteSize", | ||
| "EvidenceData.FromProto", | ||
| "EvidenceData.Hash", | ||
| "EvidenceData.StringIndented", | ||
| "EvidenceData.ToProto", | ||
| "EvidenceFromProto", | ||
| "EvidenceList.Has", | ||
| "EvidenceList.Hash", | ||
| "EvidenceList.String", | ||
| "EvidenceToProto", | ||
| "ExtendedCommit.EnsureExtensions", | ||
| "ExtendedCommit.GetByIndex", | ||
| "ExtendedCommit.GetExtendedVote", | ||
| "ExtendedCommit.ToExtendedVoteSet", | ||
| "ExtendedCommit.ValidateBasic", | ||
| "ExtendedCommitFromProto", | ||
| "ExtendedCommitSig.EnsureExtension", | ||
| "ExtendedCommitSig.FromProto", | ||
| "ExtendedCommitSig.String", | ||
| "ExtendedCommitSig.ValidateBasic", | ||
| "GenesisDoc.SaveAs", | ||
| "GenesisDoc.ValidateAndComplete", | ||
| "GenesisDoc.ValidatorHash", | ||
| "GenesisDocFromFile", | ||
| "GenesisDocFromJSON", | ||
| "Header.Hash", | ||
| "Header.StringIndented", | ||
| "Header.ValidateBasic", | ||
| "HeaderFromProto", | ||
| "LightBlock.String", | ||
| "LightBlock.StringIndented", | ||
| "LightBlock.ToProto", | ||
| "LightBlock.ValidateBasic", | ||
| "LightBlockFromProto", | ||
| "LightClientAttackEvidence.Bytes", | ||
| "LightClientAttackEvidence.Hash", | ||
| "LightClientAttackEvidence.String", | ||
| "LightClientAttackEvidence.ToProto", | ||
| "LightClientAttackEvidence.ValidateBasic", | ||
| "LightClientAttackEvidenceFromProto", | ||
| "MakeBlock", | ||
| "MakeExtCommit", | ||
| "MakeVote", | ||
| "MakeVoteNoError", | ||
| "MaxDataBytes", | ||
| "MaxDataBytesNoEvidence", | ||
| "MockPV.SignProposal", | ||
| "MockPV.SignVote", | ||
| "MockPV.String", | ||
| "NewBlockMeta", | ||
| "NewDuplicateVoteEvidence", | ||
| "NewErroringMockPV", | ||
| "NewMockDuplicateVoteEvidence", | ||
| "NewMockDuplicateVoteEvidenceWithValidator", | ||
| "NewMockPV", | ||
| "NewValidatorSet", | ||
| "Part.String", | ||
| "Part.StringIndented", | ||
| "Part.ValidateBasic", | ||
| "PartFromProto", | ||
| "PartSet.AddPart", | ||
| "PartSet.MarshalJSON", | ||
| "PartSet.StringShort", | ||
| "PartSetHeader.String", | ||
| "PartSetHeader.ValidateBasic", | ||
| "PartSetHeaderFromProto", | ||
| "Proposal.String", | ||
| "Proposal.ValidateBasic", | ||
| "ProposalFromProto", | ||
| "ProposalSignBytes", | ||
| "QueryForEvent", | ||
| "RandValidator", | ||
| "RandValidatorSet", | ||
| "SignAndCheckVote", | ||
| "SignedHeader.String", | ||
| "SignedHeader.StringIndented", | ||
| "SignedHeader.ValidateBasic", | ||
| "SignedHeaderFromProto", | ||
| "Tx.String", | ||
| "TxProof.Validate", | ||
| "TxProofFromProto", | ||
| "Txs.Validate", | ||
| "ValidateHash", | ||
| "Validator.Bytes", | ||
| "Validator.String", | ||
| "Validator.ToProto", | ||
| "Validator.ValidateBasic", | ||
| "ValidatorFromProto", | ||
| "ValidatorListString", | ||
| "ValidatorSet.CopyIncrementProposerPriority", | ||
| "ValidatorSet.GetProposer", | ||
| "ValidatorSet.Hash", | ||
| "ValidatorSet.IncrementProposerPriority", | ||
| "ValidatorSet.Iterate", | ||
| "ValidatorSet.String", | ||
| "ValidatorSet.StringIndented", | ||
| "ValidatorSet.ToProto", | ||
| "ValidatorSet.TotalVotingPower", | ||
| "ValidatorSet.UpdateWithChangeSet", | ||
| "ValidatorSet.ValidateBasic", | ||
| "ValidatorSet.VerifyCommit", | ||
| "ValidatorSet.VerifyCommitLight", | ||
| "ValidatorSet.VerifyCommitLightAllSignatures", | ||
| "ValidatorSet.VerifyCommitLightTrusting", | ||
| "ValidatorSet.VerifyCommitLightTrustingAllSignatures", | ||
| "ValidatorSet.findProposer", | ||
| "ValidatorSetFromExistingValidators", | ||
| "ValidatorSetFromProto", | ||
| "VerifyCommit", | ||
| "VerifyCommitLight", | ||
| "VerifyCommitLightAllSignatures", | ||
| "VerifyCommitLightTrusting", | ||
| "VerifyCommitLightTrustingAllSignatures", | ||
| "Vote.CommitSig", | ||
| "Vote.ExtendedCommitSig", | ||
| "Vote.String", | ||
| "Vote.ValidateBasic", | ||
| "Vote.Verify", | ||
| "Vote.VerifyExtension", | ||
| "Vote.VerifyVoteAndExtension", | ||
| "VoteExtensionSignBytes", | ||
| "VoteFromProto", | ||
| "VoteSet.AddVote", | ||
| "VoteSet.BitArrayByBlockID", | ||
| "VoteSet.BitArrayString", | ||
| "VoteSet.HasAll", | ||
| "VoteSet.HasTwoThirdsAny", | ||
| "VoteSet.LogString", | ||
| "VoteSet.MakeExtendedCommit", | ||
| "VoteSet.MarshalJSON", | ||
| "VoteSet.SetPeerMaj23", | ||
| "VoteSet.String", | ||
| "VoteSet.StringIndented", | ||
| "VoteSet.StringShort", | ||
| "VoteSet.VoteStrings", | ||
| "VoteSignBytes" | ||
| ] | ||
| } | ||
| ], | ||
| "custom_ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0.34.0" | ||
| }, | ||
| { | ||
| "fixed": "0.34.34" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/cometbft/cometbft/commit/3937e00a339ee6b861d75997b4f6c87d867b74f2" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/cometbft/cometbft/commit/52c00a537f8f56ed94b4a5c8af6e3fecff468b55" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3112", | ||
| "review_status": "REVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.