Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xcjhyLW00OTUtN2hjNM4AA4kV
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft
Summary
A vulnerability in CometBFT’s validation logic for VoteExtensionsEnableHeight
can result in a chain halt when triggered through a governance parameter change proposal on an ABCI2 Application Chain. If a parameter change proposal including a VoteExtensionsEnableHeight
modification is passed, nodes running the affected versions may panic, halting the network.
The CometBFT team addressed this issue by improving validation logic for the VoteExtensionsEnableHeight
to correctly handle governance proposals addressing this parameter.
Next Steps for Impacted Parties
If you are a chain developer with an active network running on CometBFT v. 0.38.x, we recommend updating your chain application to v0.38.3 or later of CometBFT to patch this issue.
This issue can be resolved with a “soft patch” to an active network, i.e. nodes can be patched and restarted at different times without the need for a coordinated upgrade that halts a chain. If this patching methodology is used, the risk of a network halt triggered by this issue is mitigated once more than 66.7% of voting power on the network has applied the update, which provides protection from exploitation while on-chain governance processes for software upgrades take place. Once all validator nodes operating a network have been updated, the risk of a network halt due to this issue will be fully resolved.
For more information about CometBFT, see https://docs.cometbft.com/.
This issue was found by Dongsam (@b_harvest) who reported it to the Cosmos Bug Bounty Program on HackerOne on January 15, 2024. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.
Permalink: https://github.com/advisories/GHSA-qr8r-m495-7hc4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcjhyLW00OTUtN2hjNM4AA4kV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 11 months ago
Identifiers: GHSA-qr8r-m495-7hc4
References:
- https://github.com/cometbft/cometbft/security/advisories/GHSA-qr8r-m495-7hc4
- https://github.com/cometbft/cometbft/commit/5fbc97378b94b0945febe9549399e7c9c5df13ed
- https://github.com/advisories/GHSA-qr8r-m495-7hc4
Blast Radius: 0.0
Affected Packages
go:github.com/cometbft/cometbft
Dependent packages: 1,504Dependent repositories: 122
Downloads:
Affected Version Ranges: >= 0.38.0, < 0.38.3
Fixed in: 0.38.3
All affected versions: 0.38.0, 0.38.1, 0.38.2
All unaffected versions: 0.34.27, 0.34.28, 0.34.29, 0.34.30, 0.34.31, 0.34.32, 0.34.33, 0.34.34, 0.34.35, 0.37.0, 0.37.1, 0.37.2, 0.37.3, 0.37.4, 0.37.5, 0.37.6, 0.37.7, 0.37.8, 0.37.9, 0.37.10, 0.37.11, 0.37.12, 0.37.13, 0.38.3, 0.38.4, 0.38.5, 0.38.6, 0.38.7, 0.38.8, 0.38.9, 0.38.10, 0.38.11, 0.38.12, 0.38.13, 0.38.14, 0.38.15