blob: 675fb13d18ca7c818455a03c6a22e5aa042ffeaa [file] [log] [blame]
packages:
- module: github.com/tendermint/tendermint
package: github.com/tendermint/tendermint/types
symbols:
- VoteSet.MakeCommit
derived_symbols:
- MakeCommit
versions:
- introduced: 0.33.0
fixed: 0.34.0-dev1.0.20200702134149-480b995a3172
description: |
Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping
these signatures, they cause failure during verification. A malicious proposer can use this to force
consensus failures.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-15091
ghsas:
- GHSA-6jqj-f58p-mrw3
credit: Neeraj Murarka
links:
pr: https://github.com/tendermint/tendermint/pull/5426
commit: https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
context:
- https://github.com/tendermint/tendermint/issues/4926