Vulnerability Report: GO-2024-2951

A malicious peer can cause a syncing node to panic during blocksync. The syncing node may enter a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. Nodes that are vulnerable to this state may experience a denial-of-service condition in which syncing does not work as expected when joining a network as a client.

For detailed information about this vulnerability, visit https://github.com/cometbft/cometbft/security/advisories/GHSA-hg58-rf2h-6rr7.
