Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions
Component: Cosmos SDK
Criticality: High
Affected Versions: Cosmos SDK versions <= 0.50.4, on 0.50 branches
Affected Users: Chain developers, Validator and Node operators
Impact: Elevation of Privilege
Summary
The default ValidateVoteExtensions helper function infers total voting power based off of the injected VoteExtension, which are injected by the proposer. If your chain utilizes the ValidateVoteExtensions helper in ProcessProposal, a dishonest proposer can potentially mutate voting power of each validator it includes in the injected VoteExtension, which could have potentially unexpected or negative consequences on modified state. Additional validation on injected VoteExtension data was added to confirm voting power against the state machine.
Next Steps for Impacted Parties
If you are a chain developer on an affected version of the Cosmos SDK, it is advised to update to the latest available version of the Cosmos SDK for your project. Once a patched version is available, it is recommended that network operators upgrade.
A Github Security Advisory for this issue is available in the Cosmos-SDK repository. For more information about Cosmos SDK, see https://docs.cosmos.network/.
Permalink: https://github.com/advisories/GHSA-95rx-m9m5-m94vJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 months ago
Updated: 25 days ago
CVSS Score: 7.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Identifiers: GHSA-95rx-m9m5-m94v
References:
- https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-95rx-m9m5-m94v
- https://github.com/cosmos/cosmos-sdk/commit/4467110df40797ebe916c23ebfd45c9ee7583897
- https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.5
- https://github.com/advisories/GHSA-95rx-m9m5-m94v
Blast Radius: 23.9
Affected Packages
go:github.com/cosmos/cosmos-sdk
Dependent packages: 3,776Dependent repositories: 2,329
Downloads:
Affected Version Ranges: >= 0.50.0, <= 0.50.4
Fixed in: 0.50.5
All affected versions: 0.50.0, 0.50.1, 0.50.2, 0.50.3
All unaffected versions: 0.0.2, 0.0.3, 0.0.4, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 0.14.1, 0.15.0, 0.15.1, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.23.0, 0.23.1, 0.24.0, 0.24.1, 0.24.2, 0.25.0, 0.26.0, 0.27.0, 0.27.1, 0.28.0, 0.28.1, 0.29.0, 0.29.1, 0.30.0, 0.31.0, 0.31.1, 0.31.2, 0.32.0, 0.33.0, 0.33.1, 0.33.2, 0.34.0, 0.34.1, 0.34.2, 0.34.3, 0.34.4, 0.34.5, 0.34.6, 0.34.7, 0.34.8, 0.34.9, 0.34.10, 0.35.0, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.37.3, 0.37.4, 0.37.5, 0.37.6, 0.37.7, 0.37.8, 0.37.9, 0.37.10, 0.37.11, 0.37.12, 0.37.13, 0.37.14, 0.37.15, 0.38.0, 0.38.1, 0.38.2, 0.38.3, 0.38.4, 0.38.5, 0.39.0, 0.39.1, 0.39.2, 0.39.3, 0.40.0, 0.40.1, 0.41.0, 0.41.1, 0.41.2, 0.41.3, 0.41.4, 0.42.0, 0.42.1, 0.42.2, 0.42.3, 0.42.4, 0.42.5, 0.42.6, 0.42.7, 0.42.8, 0.42.9, 0.42.10, 0.42.11, 0.43.0, 0.44.0, 0.44.1, 0.44.2, 0.44.3, 0.44.4, 0.44.5, 0.44.6, 0.44.7, 0.44.8, 0.45.0, 0.45.1, 0.45.2, 0.45.3, 0.45.4, 0.45.5, 0.45.6, 0.45.7, 0.45.8, 0.45.9, 0.45.10, 0.45.11, 0.45.12, 0.45.13, 0.45.14, 0.45.15, 0.45.16, 0.46.0, 0.46.1, 0.46.2, 0.46.3, 0.46.4, 0.46.5, 0.46.6, 0.46.7, 0.46.8, 0.46.9, 0.46.10, 0.46.11, 0.46.12, 0.46.13, 0.46.14, 0.46.15, 0.46.16, 0.47.0, 0.47.1, 0.47.2, 0.47.3, 0.47.4, 0.47.5, 0.47.6, 0.47.7, 0.47.8