blob: 97352dbb4534f4939df112da1495b5209b019ea6 [file] [log] [blame]
module: github.com/tendermint/tendermint
package: github.com/tendermint/tendermint/types
versions:
- introduced: v0.33.0
fixed: v0.34.0-dev1.0.20200702134149-480b995a3172
description: |
Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping
these signatures, they cause failure during verification. A malicious proposer can use this to force
consensus failures.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-15091
credit: Neeraj Murarka
symbols:
- VoteSet.MakeCommit
links:
pr: https://github.com/tendermint/tendermint/pull/5426
commit: https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
context:
- https://github.com/tendermint/tendermint/issues/4926