Google Git
Sign in
go / vulndb / 9901439a58ac332074443a165d3e17fa19b490a3^! / .
commit9901439a58ac332074443a165d3e17fa19b490a3[log] [tgz]
authorNeal Patel <nealpatel@google.com>Wed Mar 26 15:37:16 2025 -0400
committerGopher Robot <gobot@golang.org>Mon Mar 31 10:10:02 2025 -0700
tree8647d64d7620e52dddbb581223cd82015f9c6e20
parentbc2a31fca97af778890e8c6e71e86c6b04f67f85 [diff]
data/reports: modify 1 report

Fixes golang/vulndb#3442
Fixes golang/vulndb#3443

Change-Id: I08596ccbbe8b3f097c975e978ae2495cd9d853f5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/661095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Neal Patel <nealpatel@google.com>

diff --git a/data/osv/GO-2025-3443.json b/data/osv/GO-2025-3443.json
index c60420c..17b17d9 100644
--- a/data/osv/GO-2025-3443.json
+++ b/data/osv/GO-2025-3443.json

@@ -6,8 +6,8 @@
   "aliases": [
     "GHSA-r3r4-g7hq-pq4f"
   ],
-  "summary": "CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts in github.com/cometbft/cometbft",
-  "details": "CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts in github.com/cometbft/cometbft",
+  "summary": "CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft",
+  "details": "CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft",
   "affected": [
     {
       "package": {
@@ -22,7 +22,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "0.38.16"
+              "fixed": "0.38.17"
             }
           ]
         }
@@ -86,6 +86,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2025-3443",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
\ No newline at end of file

diff --git a/data/reports/GO-2025-3443.yaml b/data/reports/GO-2025-3443.yaml
index e8e9f87..5207c5c 100644
--- a/data/reports/GO-2025-3443.yaml
+++ b/data/reports/GO-2025-3443.yaml

@@ -2,8 +2,8 @@
 modules:
     - module: github.com/cometbft/cometbft
       versions:
-        - fixed: 0.38.16
-      vulnerable_at: 0.38.15
+        - fixed: 0.38.17
+      vulnerable_at: 0.38.16
       packages:
         - package: github.com/cometbft/cometbft/types
           symbols:
@@ -21,8 +21,8 @@
           derived_symbols:
             - PartFromProto
 summary: |-
-    CometBFT allows a malicious peer to stall the network by disseminating seemingly
-    valid block parts in github.com/cometbft/cometbft
+    CometBFT allows a malicious peer to stall network by disseminating
+    valid-looking block parts in github.com/cometbft/cometbft
 ghsas:
     - GHSA-r3r4-g7hq-pq4f
 references:
@@ -32,4 +32,4 @@
 source:
     id: GHSA-r3r4-g7hq-pq4f
     created: 2025-02-04T13:46:41.019336-05:00
-review_status: NEEDS_REVIEW
+review_status: REVIEWED