Overview
- Description
- Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security-advisories@github.com
- CWE-347
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tendermint-light-client-js_project:tendermint-light-client-js:*:*:*:*:rust:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8AE9A733-0849-4587-8F47-A03E662F71B2",
"versionEndExcluding": "0.28.0"
},
{
"criteria": "cpe:2.3:a:tendermint-light-client-verifier_project:tendermint-light-client-verifier:*:*:*:*:*:rust:*:*",
"vulnerable": true,
"matchCriteriaId": "6722E7A5-A823-40C0-87A7-C13CABAD9466",
"versionEndExcluding": "0.28.0"
},
{
"criteria": "cpe:2.3:a:tendermint-light-client_project:tendermint-light-client:*:*:*:*:rust:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DF43910-4B14-414A-A96D-947A5D4EC035",
"versionEndExcluding": "0.28.0"
}
],
"operator": "OR"
}
]
}
]