{"id":"GO-2024-3259","summary":"CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft","details":"CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft","aliases":["GHSA-p7mv-53f2-4cwj"],"modified":"2024-12-12T21:58:41Z","published":"2024-11-20T17:22:48Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3259","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/cometbft/cometbft/security/advisories/GHSA-p7mv-53f2-4cwj"},{"type":"WEB","url":"https://docs.cometbft.com/v0.38/spec/abci/abci++_basic_concepts"},{"type":"WEB","url":"https://github.com/cometbft/cometbft/releases/tag/v0.38.15"},{"type":"FIX","url":"https://github.com/cometbft/cometbft/commit/17d3bb66664cab6d6798c17e27198e15bbac1905"}],"affected":[{"package":{"name":"github.com/cometbft/cometbft","ecosystem":"Go","purl":"pkg:golang/github.com/cometbft/cometbft"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.38.0"},{"fixed":"0.38.15"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/cometbft/cometbft/state/indexer/block/kv","symbols":["BlockerIndexer.Search","BlockerIndexer.setTmpHeights"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3259.json"}}],"schema_version":"1.7.3"}