One Article Review

The article:
Source CVE List
Identifier 8291699
Publication date 2022-12-15 19:15:16 (seen: 2022-12-15 22:07:16)
Title CVE-2022-23507
Text Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds.
Notes
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to pick up on an earlier one.