{"schema_version":"1.3.1","id":"GO-2024-3259","modified":"2024-12-12T21:58:41Z","published":"2024-11-20T17:22:48Z","aliases":["GHSA-p7mv-53f2-4cwj"],"summary":"CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft","details":"CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft","affected":[{"package":{"name":"github.com/cometbft/cometbft","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.38.0"},{"fixed":"0.38.15"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/cometbft/cometbft/state/indexer/block/kv","symbols":["BlockerIndexer.Search","BlockerIndexer.setTmpHeights"]}]}}],"references":[{"type":"ADVISORY","url":"https://github.com/cometbft/cometbft/security/advisories/GHSA-p7mv-53f2-4cwj"},{"type":"WEB","url":"https://docs.cometbft.com/v0.38/spec/abci/abci++_basic_concepts"},{"type":"WEB","url":"https://github.com/cometbft/cometbft/releases/tag/v0.38.15"},{"type":"FIX","url":"https://github.com/cometbft/cometbft/commit/17d3bb66664cab6d6798c17e27198e15bbac1905"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3259","review_status":"REVIEWED"}}