GO-2024-3112

Source
https://pkg.go.dev/vuln/GO-2024-3112
Import Source
https://vuln.go.dev/ID/GO-2024-3112.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-3112
Aliases
Published
2024-09-13T21:55:06Z
Modified
2024-09-13T22:27:57.042637Z
Summary
CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft
Details

CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-3112"
}
References

Affected packages

Go / github.com/cometbft/cometbft

Package

Name
github.com/cometbft/cometbft
View open source insights on deps.dev
Purl
pkg:golang/github.com/cometbft/cometbft

Affected ranges

Type
SEMVER
Events
Introduced
0.37.0
Fixed
0.37.11
Introduced
0.38.0
Fixed
0.38.12

Ecosystem specific

{
    "custom_ranges": [
        {
            "events": [
                {
                    "introduced": "0.34.0"
                },
                {
                    "fixed": "0.34.34"
                }
            ],
            "type": "ECOSYSTEM"
        }
    ],
    "imports": [
        {
            "path": "github.com/cometbft/cometbft/light",
            "symbols": [
                "Client.TrustedLightBlock",
                "Client.Update",
                "Client.VerifyHeader",
                "Client.VerifyLightBlockAtHeight",
                "Client.compareFirstHeaderWithWitnesses",
                "Client.compareNewHeaderWithWitness",
                "Client.detectDivergence",
                "Client.findNewPrimary",
                "Client.initializeWithTrustOptions",
                "ErrInvalidHeader.Error",
                "ErrNewValSetCantBeTrusted.Error",
                "ErrOldHeaderExpired.Error",
                "ErrVerificationFailed.Error",
                "NewClient",
                "NewClientFromTrustedStore",
                "NewHTTPClient",
                "NewHTTPClientFromTrustedStore",
                "TrustOptions.ValidateBasic",
                "ValidateTrustLevel",
                "Verify",
                "VerifyAdjacent",
                "VerifyBackwards",
                "VerifyNonAdjacent",
                "errBadWitness.Error",
                "errConflictingHeaders.Error"
            ]
        },
        {
            "path": "github.com/cometbft/cometbft/types",
            "symbols": [
                "ABCIParams.VoteExtensionsEnabled",
                "Block.Hash",
                "Block.HashesTo",
                "Block.MakePartSet",
                "Block.Size",
                "Block.String",
                "Block.StringIndented",
                "Block.StringShort",
                "Block.ToProto",
                "Block.ValidateBasic",
                "BlockFromProto",
                "BlockID.Key",
                "BlockID.String",
                "BlockID.ValidateBasic",
                "BlockIDFromProto",
                "BlockMeta.ValidateBasic",
                "BlockMetaFromProto",
                "BlockMetaFromTrustedProto",
                "CanonicalTime",
                "CanonicalizeBlockID",
                "CanonicalizeProposal",
                "CanonicalizeVote",
                "Commit.GetVote",
                "Commit.Hash",
                "Commit.StringIndented",
                "Commit.ToVoteSet",
                "Commit.ValidateBasic",
                "Commit.VoteSignBytes",
                "CommitFromProto",
                "CommitSig.BlockID",
                "CommitSig.FromProto",
                "CommitSig.String",
                "CommitSig.ValidateBasic",
                "ConsensusParams.ValidateBasic",
                "ConsensusParams.ValidateUpdate",
                "Data.StringIndented",
                "DuplicateVoteEvidence.Bytes",
                "DuplicateVoteEvidence.Hash",
                "DuplicateVoteEvidence.String",
                "DuplicateVoteEvidence.ValidateBasic",
                "DuplicateVoteEvidenceFromProto",
                "ErrEvidenceOverflow.Error",
                "ErrInvalidCommitHeight.Error",
                "ErrInvalidCommitSignatures.Error",
                "ErrInvalidEvidence.Error",
                "ErrNotEnoughVotingPowerSigned.Error",
                "ErrVoteConflictingVotes.Error",
                "ErrVoteExtensionInvalid.Error",
                "EventBus.OnStart",
                "EventBus.OnStop",
                "EventBus.PublishEventNewBlock",
                "EventBus.PublishEventNewBlockEvents",
                "EventBus.PublishEventTx",
                "EventQueryTxFor",
                "EvidenceData.ByteSize",
                "EvidenceData.FromProto",
                "EvidenceData.Hash",
                "EvidenceData.StringIndented",
                "EvidenceData.ToProto",
                "EvidenceFromProto",
                "EvidenceList.Has",
                "EvidenceList.Hash",
                "EvidenceList.String",
                "EvidenceToProto",
                "ExtendedCommit.EnsureExtensions",
                "ExtendedCommit.GetByIndex",
                "ExtendedCommit.GetExtendedVote",
                "ExtendedCommit.ToExtendedVoteSet",
                "ExtendedCommit.ValidateBasic",
                "ExtendedCommitFromProto",
                "ExtendedCommitSig.EnsureExtension",
                "ExtendedCommitSig.FromProto",
                "ExtendedCommitSig.String",
                "ExtendedCommitSig.ValidateBasic",
                "GenesisDoc.SaveAs",
                "GenesisDoc.ValidateAndComplete",
                "GenesisDoc.ValidatorHash",
                "GenesisDocFromFile",
                "GenesisDocFromJSON",
                "Header.Hash",
                "Header.StringIndented",
                "Header.ValidateBasic",
                "HeaderFromProto",
                "LightBlock.String",
                "LightBlock.StringIndented",
                "LightBlock.ToProto",
                "LightBlock.ValidateBasic",
                "LightBlockFromProto",
                "LightClientAttackEvidence.Bytes",
                "LightClientAttackEvidence.Hash",
                "LightClientAttackEvidence.String",
                "LightClientAttackEvidence.ToProto",
                "LightClientAttackEvidence.ValidateBasic",
                "LightClientAttackEvidenceFromProto",
                "MakeBlock",
                "MakeExtCommit",
                "MakeVote",
                "MakeVoteNoError",
                "MaxDataBytes",
                "MaxDataBytesNoEvidence",
                "MockPV.SignProposal",
                "MockPV.SignVote",
                "MockPV.String",
                "NewBlockMeta",
                "NewDuplicateVoteEvidence",
                "NewErroringMockPV",
                "NewMockDuplicateVoteEvidence",
                "NewMockDuplicateVoteEvidenceWithValidator",
                "NewMockPV",
                "NewValidatorSet",
                "Part.String",
                "Part.StringIndented",
                "Part.ValidateBasic",
                "PartFromProto",
                "PartSet.AddPart",
                "PartSet.MarshalJSON",
                "PartSet.StringShort",
                "PartSetHeader.String",
                "PartSetHeader.ValidateBasic",
                "PartSetHeaderFromProto",
                "Proposal.String",
                "Proposal.ValidateBasic",
                "ProposalFromProto",
                "ProposalSignBytes",
                "QueryForEvent",
                "RandValidator",
                "RandValidatorSet",
                "SignAndCheckVote",
                "SignedHeader.String",
                "SignedHeader.StringIndented",
                "SignedHeader.ValidateBasic",
                "SignedHeaderFromProto",
                "Tx.String",
                "TxProof.Validate",
                "TxProofFromProto",
                "Txs.Validate",
                "ValidateHash",
                "Validator.Bytes",
                "Validator.String",
                "Validator.ToProto",
                "Validator.ValidateBasic",
                "ValidatorFromProto",
                "ValidatorListString",
                "ValidatorSet.CopyIncrementProposerPriority",
                "ValidatorSet.GetProposer",
                "ValidatorSet.Hash",
                "ValidatorSet.IncrementProposerPriority",
                "ValidatorSet.Iterate",
                "ValidatorSet.String",
                "ValidatorSet.StringIndented",
                "ValidatorSet.ToProto",
                "ValidatorSet.TotalVotingPower",
                "ValidatorSet.UpdateWithChangeSet",
                "ValidatorSet.ValidateBasic",
                "ValidatorSet.VerifyCommit",
                "ValidatorSet.VerifyCommitLight",
                "ValidatorSet.VerifyCommitLightAllSignatures",
                "ValidatorSet.VerifyCommitLightTrusting",
                "ValidatorSet.VerifyCommitLightTrustingAllSignatures",
                "ValidatorSet.findProposer",
                "ValidatorSetFromExistingValidators",
                "ValidatorSetFromProto",
                "VerifyCommit",
                "VerifyCommitLight",
                "VerifyCommitLightAllSignatures",
                "VerifyCommitLightTrusting",
                "VerifyCommitLightTrustingAllSignatures",
                "Vote.CommitSig",
                "Vote.ExtendedCommitSig",
                "Vote.String",
                "Vote.ValidateBasic",
                "Vote.Verify",
                "Vote.VerifyExtension",
                "Vote.VerifyVoteAndExtension",
                "VoteExtensionSignBytes",
                "VoteFromProto",
                "VoteSet.AddVote",
                "VoteSet.BitArrayByBlockID",
                "VoteSet.BitArrayString",
                "VoteSet.HasAll",
                "VoteSet.HasTwoThirdsAny",
                "VoteSet.LogString",
                "VoteSet.MakeExtendedCommit",
                "VoteSet.MarshalJSON",
                "VoteSet.SetPeerMaj23",
                "VoteSet.String",
                "VoteSet.StringIndented",
                "VoteSet.StringShort",
                "VoteSet.VoteStrings",
                "VoteSignBytes"
            ]
        }
    ]
}