GSA_kwCzR0hTQS14cXFjLWM1Z3ctYzVyNc4AAwWv

Severity: Moderate
EPSS: 0.00117% (0.31397 percentile)

Tendermint light client verification not taking into account chain ID

Affected packages

Package: cargo:tendermint-light-client-js
Affected versions: <= 0.27.0
Fixed versions: 0.28.0
Dependent packages: 0
Dependent repositories: 0
Downloads total: 46,141

All affected versions:
0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.23.1, 0.23.2, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.23.7, 0.23.8, 0.23.9, 0.25.0, 0.26.0, 0.27.0

All unaffected versions:
0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.31.0, 0.31.1, 0.32.0, 0.32.2, 0.33.0, 0.33.1, 0.33.2, 0.34.0, 0.34.1, 0.35.0, 0.36.0, 0.37.0, 0.38.0, 0.38.1, 0.39.0, 0.39.1, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.40.4

Package: cargo:tendermint-light-client
Affected versions: <= 0.27.0
Fixed versions: 0.28.0
Dependent packages: 7
Dependent repositories: 38
Downloads total: 400,058

All affected versions:
0.15.0, 0.16.0, 0.17.0, 0.17.1, 0.18.0, 0.18.1, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.23.1, 0.23.2, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.23.7, 0.23.8, 0.23.9, 0.25.0, 0.26.0, 0.27.0

All unaffected versions:
0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.31.0, 0.31.1, 0.32.0, 0.32.1, 0.32.2, 0.33.0, 0.33.1, 0.33.2, 0.34.0, 0.34.1, 0.35.0, 0.36.0, 0.37.0, 0.38.0, 0.38.1, 0.39.0, 0.39.1, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.40.4

Package: cargo:tendermint-light-client-verifier
Affected versions: <= 0.27.0
Fixed versions: 0.28.0
Dependent packages: 11
Dependent repositories: 44
Downloads total: 804,837

All affected versions:
0.23.5, 0.23.6, 0.23.7, 0.23.8, 0.23.9, 0.25.0, 0.26.0, 0.27.0

All unaffected versions:
0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.31.0, 0.31.1, 0.32.0, 0.32.1, 0.32.2, 0.33.0, 0.33.1, 0.33.2, 0.34.0, 0.34.1, 0.35.0, 0.36.0, 0.37.0, 0.38.0, 0.38.1, 0.39.0, 0.39.1, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.40.4

Impact

Anyone using tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes) is affected.

At present, the light client does not check that the chain IDs of the trusted and untrusted headers match. This leaves a possible attack vector: someone who finds a header from an untrusted chain that satisfies all the other verification conditions (e.g. enough overlapping validator signatures) could fool a light client into accepting it.

The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks.
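
A simplified model of the missing check, added here as an example and not code from the tendermint-rs crates: the verifier compares chain IDs before any signature overlap check, so a header from another chain that the same validators signed is rejected up front rather than passing on overlap alone. The header type, the voting powers and the one-third overlap threshold are assumptions made for illustration.

```rust
use std::collections::HashMap;

/// Minimal header model (constructed for illustration): chain, height and the
/// validators (id -> voting power) whose signatures it carries.
#[derive(Clone, Debug)]
pub struct Header {
    pub chain_id: String,
    pub height: u64,
    pub signers: HashMap<String, u64>,
}

impl Header {
    pub fn new(chain_id: &str, height: u64, signers: &[(&str, u64)]) -> Self {
        let signers = signers.iter().map(|(id, p)| (id.to_string(), *p)).collect();
        Header { chain_id: chain_id.to_string(), height, signers }
    }
}

#[derive(Debug, PartialEq)]
pub enum VerifyError {
    ChainIdMismatch { trusted: String, untrusted: String },
    NonIncreasingHeight,
    InsufficientOverlap { signed: u64, total: u64 },
}

/// Verify `untrusted` against `trusted`. The chain ID comparison is the check
/// the affected versions lacked; it runs before any signature check. Overlap is
/// simplified to "more than one third of trusted voting power signed".
pub fn verify(trusted: &Header, untrusted: &Header) -> Result<(), VerifyError> {
    if trusted.chain_id != untrusted.chain_id {
        return Err(VerifyError::ChainIdMismatch {
            trusted: trusted.chain_id.clone(),
            untrusted: untrusted.chain_id.clone(),
        });
    }
    if untrusted.height <= trusted.height {
        return Err(VerifyError::NonIncreasingHeight);
    }
    let total: u64 = trusted.signers.values().sum();
    let signed: u64 = trusted.signers.iter()
        .filter(|(id, _)| untrusted.signers.contains_key(id.as_str()))
        .map(|(_, power)| power)
        .sum();
    // Strictly more than one third of trusted power: 3 * signed > total.
    if signed * 3 <= total {
        return Err(VerifyError::InsufficientOverlap { signed, total });
    }
    Ok(())
}
```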

Patches

Users of the light client-related crates can currently upgrade to v0.28.0.

Workarounds

None
