
[GHSA-hg58-rf2h-6rr7] CometBFT is unstable during blocksync when syncing from malicious peer

Open AHMED11178 opened this issue 1 year ago • 2 comments


CometBFT experiences instability during block synchronization when syncing from a malicious peer. This issue arises because the malicious peer can disrupt the sync process, causing unexpected behavior and potential security vulnerabilities. Ensuring the reliability of peers and implementing robust verification mechanisms can mitigate this instability, allowing for a more secure and stable block synchronization process in CometBFT.

AHMED11178 Jun 30 '24 14:06

Hi there @greg-szabo! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.

github Jun 30 '24 14:06

Hi @AHMED11178, the pull request seems to be missing the changes you want to make. Could you clarify what you are asking for?

JonathanLEvans Jul 01 '24 14:07

No need for this change.

main is unversioned so updating it in the advisory has the opposite effect: as soon as https://github.com/cometbft/cometbft/pull/3369 is merged, the advisory will have to be reverted as it will not be applicable to the main branch.

greg-szabo Jul 07 '24 17:07

Closing this out as a no-op

darakian Jul 08 '24 20:07