blob: 3bbab063f41c781e16facc0c679761ff7780414b [file] [log] [blame]
id: GO-2021-0090
modules:
- module: github.com/tendermint/tendermint
versions:
- introduced: 0.33.0
- fixed: 0.34.0-dev1.0.20200702134149-480b995a3172
vulnerable_at: 0.33.0
packages:
- package: github.com/tendermint/tendermint/types
symbols:
- VoteSet.MakeCommit
derived_symbols:
- MakeCommit
summary: Denial of service in github.com/tendermint/tendermint
description: |-
Proposed commits may contain signatures for blocks not contained within the
commit. Instead of skipping these signatures, they cause failure during
verification. A malicious proposer can use this to force consensus failures.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-15091
ghsas:
- GHSA-6jqj-f58p-mrw3
credits:
- Neeraj Murarka
references:
- fix: https://github.com/tendermint/tendermint/pull/5426
- fix: https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
- web: https://github.com/tendermint/tendermint/issues/4926
review_status: REVIEWED