—
GO-2024-3259
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft
Details
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/cometbft/cometbft
Introduced in:
0.38.0 Fixed in: 0.38.15 Fix
go get github.com/cometbft/cometbft@v0.38.15 References
- https://github.com/cometbft/cometbft/security/advisories/GHSA-p7mv-53f2-4cwj [ADVISORY]
- https://docs.cometbft.com/v0.38/spec/abci/abci++_basic_concepts [WEB]
- https://github.com/cometbft/cometbft/releases/tag/v0.38.15 [WEB]
- https://github.com/cometbft/cometbft/commit/17d3bb66664cab6d6798c17e27198e15bbac1905 [FIX]