-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIOngoing coverage of React2Shell
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/babylonlabs-io/babylon/v4 | go | < 4.1.0 | 4.1.0 |
Miggo AIRoot Cause AnalysisThe analysis of the security advisory and the associated patch commit pinpoints the vulnerability to the verifyVoteExtension function in x/checkpointing/prepare/proposal.go. The vulnerability description highlights that malformed vote extensions with non-existing protobuf tags were not being rejected, allowing for a denial-of-service attack. The commit 86f38abd2dca5a656195a9954bb569a08d662e2b directly addresses this issue. The core of the fix is the addition of unknownproto.RejectUnknownFieldsStrict within the verifyVoteExtension function. This function is responsible for processing vote extensions, and prior to the patch, it lacked the necessary validation to detect and reject protobuf messages containing unknown fields. This allowed an attacker to embed arbitrary data, leading to oversized vote extensions that would cause subsequent block proposals to fail, ultimately halting the blockchain. The new code ensures that any such malformed vote extensions are rejected early, mitigating the vulnerability. The accompanying test file changes also confirm this by adding a specific test case for a malicious oversized vote extension.
prepare.ProposalHandler.verifyVoteExtensionx/checkpointing/prepare/proposal.go