2 matches found
CVE-2022-23507 Light client verification not taking into account chain ID
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...
CVE-2022-23507
The CVE concerns Tendermint’s light-client verification prior to version 0.28.0, where the light client does not verify that the trusted and untrusted chain IDs match during header verification. This can allow a header from an untrusted chain that passes other checks (e.g., overlapping validator ...