GO-2025-4211 Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon...

EUVD-2025-201819

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers...

GO-2025-4157 Babylon's malformed vote extensions are not rejected in github.com/babylonlabs-io/babylon

Babylon's malformed vote extensions are not rejected in github.com/babylonlabs-io/babylon...

Babylon's malformed vote extensions are not rejected

Summary Adversarial validators can send large vote extensions by using non-existing protobuf tags. This will result in the rejection of the subsequent block proposal. Eventually, all block proposals will be rejected by all validators. Impact A small group of adversarial validators can cause a cha...

EUVD-2025-199102

Babylon's malformed vote extensions are not rejected...

GHSA-2FCV-QWW3-9V6H Babylon's malformed vote extensions are not rejected

Summary Adversarial validators can send large vote extensions by using non-existing protobuf tags. This will result in the rejection of the subsequent block proposal. Eventually, all block proposals will be rejected by all validators. Impact A small group of adversarial validators can cause a cha...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unknown fields that aren't checked. An attacker can disrupt consensus and cause all block proposals to be rejected by submitting specially crafted vote extensions with...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unknown fields that aren't checked. An attacker can disrupt consensus and cause all block proposals to be rejected by submitting specially crafted vote extensions with...

GO-2024-3259 CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft

CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft...

GHSA-P7MV-53F2-4CWJ CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

Name: ASA-2024-011: Vote Extensions: Panic when receiving a Pre-commit with an invalid data Component: CometBFT Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: = 0.38.x, unreleased v1.x and main development branches Affected users: Chain Builders +...

CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

Name: ASA-2024-011: Vote Extensions: Panic when receiving a Pre-commit with an invalid data Component: CometBFT Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: = 0.38.x, unreleased v1.x and main development branches Affected users: Chain Builders +...