Lucene search

16 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fixed node corruption in the “ar->arvifs” list. In the current WLAN recovery code flow, the ath11k_core_halt function only reinitializes the “arvifs” list head. This causes the list node immediately following the list...

CVSS 5.5, AI score 6.5, EPSS 0.0011
Exploits: 0, References: 2
OSV
added 2025/11/18 3:44 p.m., 1 view

GO-2025-4025 CometBFT's invalid BitArray handling can lead to network halt in github.com/cometbft/cometbft

CometBFT's invalid BitArray handling can lead to network halt in github.com/cometbft/cometbft...

AI score 6.8
Exploits: 0, References: 5
EUVD
added 2025/10/14 7:57 p.m., 1 view

EUVD-2025-34453

CometBFT's invalid BitArray handling can lead to network halt...

AI score 6.4
Exploits: 0, References: 6
OSV
added 2025/10/14 7:57 p.m., 1 view

GHSA-HRHF-2VCR-GHCH CometBFT's invalid BitArray handling can lead to network halt

Name: ASA-2025-003: Invalid BitArray handling can lead to network halt Criticality: High Considerable Impact; Possible Likelihood per ACMv1.2 Affected versions: = v0.38.18, = v0.37.15, and main development branches Affected users: Validators, Full nodes, Users Description A bug was discovered in...

CVSS 8.7, AI score 7
Exploits: 0, References: 6
Github Security Blog
added 2025/10/14 7:57 p.m., 4 views

CometBFT's invalid BitArray handling can lead to network halt

Name: ASA-2025-003: Invalid BitArray handling can lead to network halt Criticality: High Considerable Impact; Possible Likelihood per ACMv1.2 Affected versions: = v0.38.18, = v0.37.15, and main development branches Affected users: Validators, Full nodes, Users Description A bug was discovered in...

AI score 7
Exploits: 0, References: 6, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2459

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00154
Exploits: 1, References: 9
Snyk
added 2025/03/12 7:29 p.m., 1 view

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to inconsistencies in the deserialization process of acknowledgments, leading to non-deterministic behavior that can halt a blockchain network. Note: This is only exploitable if the attacker has the...

CVSS 9.6, AI score 7
Exploits: 0, References: 4
Veracode
added 2025/02/05 8:45 a.m., 5 views

Insufficient Verification Of Data Authenticity

CometBFT is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper validation due to incorrect processing and dissemination of invalid block part indices and proof part indices, which could lead to a network halt...

AI score 7
Exploits: 0
Github Security Blog
added 2024/01/19 3:28 p.m., 17 views

Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft

Summary A vulnerability in CometBFT’s validation logic for VoteExtensionsEnableHeight can result in a chain halt when triggered through a governance parameter change proposal on an ABCI2 Application Chain. If a parameter change proposal including a VoteExtensionsEnableHeight modification is passe...

AI score 6.7
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/01/19 3:28 p.m., 11 views

GHSA-QR8R-M495-7HC4 Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft

Summary A vulnerability in CometBFT’s validation logic for VoteExtensionsEnableHeight can result in a chain halt when triggered through a governance parameter change proposal on an ABCI2 Application Chain. If a parameter change proposal including a VoteExtensionsEnableHeight modification is passe...

AI score 6.7
Exploits: 0, References: 3
Github Security Blog
added 2021/12/20 6:17 p.m., 36 views

Denial of Service in TenderMint

Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. It is a misconfiguration to reuse chainIDs. Correct...

CVSS 6.5, AI score 6.6, EPSS 0.00154
Exploits: 1, References: 8, Affected Software: 1
OSV
added 2021/12/20 6:17 p.m., 10 views

GHSA-6JQJ-F58P-MRW3 Denial of Service in TenderMint

Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. It is a misconfiguration to reuse chainIDs. Correct...

CVSS 6.5, AI score 6.5, EPSS 0.00154
Exploits: 1, References: 8
OSV
added 2020/07/02 5:15 p.m., 8 views

CVE-2020-15091

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...

CVSS 6.5, AI score 6.5
Exploits: 0, References: 3
NVD
added 2020/07/02 5:15 p.m., 9 views

CVE-2020-15091

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...

CVSS 6.5, EPSS 0.00154
Exploits: 1, References: 3
Prion
added 2020/07/02 5:15 p.m., 7 views

Design/Logic Flaw

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...

CVSS 4, AI score 6.2, EPSS 0.00154
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2020/07/02 5:5 p.m., 42 views

CVE-2020-15091

CVE-2020-15091 affects Tendermint up to v0.33.6: versions 0.33.0 through 0.33.5 allow a block proposer to include signatures for the wrong block, potentially halting the network. The root cause is signatures not guaranteed to correspond to the committed block, enabling a DoS condition where commi...

CVSS 6.5, AI score 6.1, EPSS 0.00154
Exploits: 1, References: 3, Affected Software: 1