reports/GO-2021-0090.yaml - vulndb - Git at Google

 packages:
   - module: github.com/tendermint/tendermint
     package: github.com/tendermint/tendermint/types
     symbols:
       - VoteSet.MakeCommit
     derived_symbols:
       - MakeCommit
     versions:
       - introduced: 0.33.0
         fixed: 0.34.0-dev1.0.20200702134149-480b995a3172
 description: |
     Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping
     these signatures, they cause failure during verification. A malicious proposer can use this to force
     consensus failures.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2020-15091
 ghsas:
   - GHSA-6jqj-f58p-mrw3
 credit: Neeraj Murarka
 links:
     pr: https://github.com/tendermint/tendermint/pull/5426
     commit: https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
     context:
       - https://github.com/tendermint/tendermint/issues/4926
	packages:
	- module: github.com/tendermint/tendermint
	package: github.com/tendermint/tendermint/types
	symbols:
	- VoteSet.MakeCommit
	derived_symbols:
	- MakeCommit
	versions:
	- introduced: 0.33.0
	fixed: 0.34.0-dev1.0.20200702134149-480b995a3172
	description: \|
	Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping
	these signatures, they cause failure during verification. A malicious proposer can use this to force
	consensus failures.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2020-15091
	ghsas:
	- GHSA-6jqj-f58p-mrw3
	credit: Neeraj Murarka
	links:
	pr: https://github.com/tendermint/tendermint/pull/5426
	commit: https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
	context:
	- https://github.com/tendermint/tendermint/issues/4926