CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-15091

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile31.55th
Published2020年7月2日
Last Modified2024年11月21日

Vulnerability Description

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit.

Affected Platforms (CPE)

📦
Tendermint

Tendermint

>= 0.33.0 and < 0.33.6

References & Advisories

🔗 https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
🔗 https://github.com/tendermint/tendermint/issues/4926
🔗 https://github.com/tendermint/tendermint/security/advisories/GHSA-6jqj-f58p-mrw3
🔗 https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
🔗 https://github.com/tendermint/tendermint/issues/4926
🔗 https://github.com/tendermint/tendermint/security/advisories/GHSA-6jqj-f58p-mrw3

相關漏洞威脅

CVE-2021-212716.5

Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any...

CVE-2020-53033.1

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the numbe...

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2020-146710.0

An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited ...