3 matches found
Incorrect Validation
github.com/cometbft/cometbft/light is vulnerable to Incorrect Validation. The vulnerability is due to incomplete validation of the ProposerPriority field in the ValidatorSet retrieved from RPC endpoints, which can lead to inconsistencies in the proposer selection algorithm and potentially cause t...
GHSA-G5XX-C4HV-9CCC CometBFT's state syncing validator from malicious node may lead to a chain split
Name: ASA-2024-009: State syncing validator from malicious node may lead to a chain split Component: CometBFT Criticality: Medium ACMv1.2: I:Moderate; L: Possible Affected versions: = 0.34.0, =0.37.0, = 0.38.0, = 0.38.11 Summary The state sync protocol retrieves a snapshot of the application and...
CometBFT's state syncing validator from malicious node may lead to a chain split
Name: ASA-2024-009: State syncing validator from malicious node may lead to a chain split Component: CometBFT Criticality: Medium ACMv1.2: I:Moderate; L: Possible Affected versions: = 0.34.0, =0.37.0, = 0.38.0, = 0.38.11 Summary The state sync protocol retrieves a snapshot of the application and...