{"schema_version":"1.3.1","id":"GO-2021-0090","modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","aliases":["CVE-2020-15091","GHSA-6jqj-f58p-mrw3"],"summary":"Denial of service in github.com/tendermint/tendermint","details":"Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping these signatures, they cause failure during verification. A malicious proposer can use this to force consensus failures.","affected":[{"package":{"name":"github.com/tendermint/tendermint","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.33.0"},{"fixed":"0.34.0-dev1.0.20200702134149-480b995a3172"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/tendermint/tendermint/types","symbols":["MakeCommit","VoteSet.MakeCommit"]}]}}],"references":[{"type":"FIX","url":"https://github.com/tendermint/tendermint/pull/5426"},{"type":"FIX","url":"https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340"},{"type":"WEB","url":"https://github.com/tendermint/tendermint/issues/4926"}],"credits":[{"name":"Neeraj Murarka"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0090","review_status":"REVIEWED"}}