N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-qr8r-m495-7hc4

EPSS Score

CWE

Published

1/19/2024

Updated

1/19/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-qr8r-m495-7hc4

GHSA-qr8r-m495-7hc4: Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft

Summary

A vulnerability in CometBFT’s validation logic for VoteExtensionsEnableHeight can result in a chain halt when triggered through a governance parameter change proposal on an ABCI2 Application Chain. If a parameter change proposal including a VoteExtensionsEnableHeight modification is passed, nodes running the affected versions may panic, halting the network.

The CometBFT team addressed this issue by improving validation logic for the VoteExtensionsEnableHeight to correctly handle governance proposals addressing this parameter.

Next Steps for Impacted Parties

If you are a chain developer with an active network running on CometBFT v. 0.38.x, we recommend updating your chain application to v0.38.3 or later of CometBFT to patch this issue.

This issue can be resolved with a “soft patch” to an active network, i.e. nodes can be patched and restarted at different times without the need for a coordinated upgrade that halts a chain. If this patching methodology is used, the risk of a network halt triggered by this issue is mitigated once more than 66.7% of voting power on the network has applied the update, which provides protection from exploitation while on-chain governance processes for software upgrades take place. Once all validator nodes operating a network have been updated, the risk of a network halt due to this issue will be fully resolved.

For more information about CometBFT, see https://docs.cometbft.com/.

This issue was found by Dongsam (@b_harvest) who reported it to the Cosmos Bug Bounty Program on HackerOne on January 15, 2024. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-qr8r-m495-7hc4

GHSA-qr8r-m495-7hc4:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-qr8r-m495-7hc4

EPSS Score

CWE

Published

1/19/2024

Updated

1/19/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/cometbft/cometbft	go	>= 0.38.0, < 0.38.3	0.38.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper validation in the ValidateUpdate method of ConsensusParams. The commit diff shows significant changes to this function's validation logic, adding multiple conditional checks (cases 1-9 in comments) that were missing in vulnerable versions. The original implementation failed to properly handle scenarios like disabling already-activated vote extensions or setting enable heights in the past, which the patched version explicitly addresses. The associated test file (types/params_test.go) was also substantially expanded to cover these failure scenarios, confirming the function's central role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-qr8r-m495-7hc4: Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft

Summary

Next Steps for Impacted Parties

GHSA-qr8r-m495-7hc4:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

GHSA-qr8r-m495-7hc4: Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft

Summary

Next Steps for Impacted Parties

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI