-
Notifications
You must be signed in to change notification settings - Fork 54
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Aliases: GHSA-95rx-m9m5-m94v Fixes #2638 Change-Id: I8e85f92e3911373f467011ddf030da5dd2e40e6c Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/584757 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
- Loading branch information
Showing
2 changed files
with
91 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2638", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"GHSA-95rx-m9m5-m94v" | ||
], | ||
"summary": "ValidateVoteExtensions function in Cosmos SDK may allow incorrect voting power assumptions in github.com/cosmos/cosmos-sdk", | ||
"details": "The default ValidateVoteExtensions helper function infers total voting power based on the injected VoteExtension, which are injected by the proposer.\n\nIf your chain utilizes the ValidateVoteExtensions helper in ProcessProposal, a dishonest proposer can potentially mutate voting power of each validator it includes in the injected VoteExtension, which could have potentially unexpected or negative consequences on modified state. Additional validation on injected VoteExtension data was added to confirm voting power against the state machine.", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/cosmos/cosmos-sdk", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0.50.0" | ||
}, | ||
{ | ||
"fixed": "0.50.5" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": { | ||
"imports": [ | ||
{ | ||
"path": "github.com/cosmos/cosmos-sdk/baseapp", | ||
"symbols": [ | ||
"ValidateVoteExtensions" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-95rx-m9m5-m94v" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/cosmos/cosmos-sdk/commit/4467110df40797ebe916c23ebfd45c9ee7583897" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.5" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2638" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
id: GO-2024-2638 | ||
modules: | ||
- module: github.com/cosmos/cosmos-sdk | ||
versions: | ||
- introduced: 0.50.0 | ||
fixed: 0.50.5 | ||
vulnerable_at: 0.50.4 | ||
packages: | ||
- package: github.com/cosmos/cosmos-sdk/baseapp | ||
symbols: | ||
- ValidateVoteExtensions | ||
summary: |- | ||
ValidateVoteExtensions function in Cosmos SDK may allow incorrect voting | ||
power assumptions in github.com/cosmos/cosmos-sdk | ||
description: |- | ||
The default ValidateVoteExtensions helper function infers total voting power | ||
based on the injected VoteExtension, which are injected by the proposer. | ||
If your chain utilizes the ValidateVoteExtensions helper in ProcessProposal, a | ||
dishonest proposer can potentially mutate voting power of each validator it | ||
includes in the injected VoteExtension, which could have potentially unexpected | ||
or negative consequences on modified state. Additional validation on injected | ||
VoteExtension data was added to confirm voting power against the state machine. | ||
ghsas: | ||
- GHSA-95rx-m9m5-m94v | ||
references: | ||
- advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-95rx-m9m5-m94v | ||
- fix: https://github.com/cosmos/cosmos-sdk/commit/4467110df40797ebe916c23ebfd45c9ee7583897 | ||
- web: https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.5 | ||
source: | ||
id: GHSA-95rx-m9m5-m94v | ||
created: 2024-05-10T15:59:33.780326-04:00 |