GHSA-hrhf-2vcr-ghch: CometBFT's invalid BitArray handling can lead to network halt
Name: ASA-2025-003: Invalid BitArray handling can lead to network halt
Criticality: High (Considerable Impact; Possible Likelihood per ACMv1.2)
Affected versions: <= v0.38.18, <= v0.37.15, and main development branches
Affected users: Validators, Full nodes, Users
References
- github.com/advisories/GHSA-hrhf-2vcr-ghch
- github.com/cometbft/cometbft
- github.com/cometbft/cometbft/commit/be5677c3e58f998b7f67bb6186dd2c9b81a041a1
- github.com/cometbft/cometbft/commit/dcb1f265b59477be40804f7ccdc4fb30612d6a4f
- github.com/cometbft/cometbft/releases/tag/v0.37.16
- github.com/cometbft/cometbft/releases/tag/v0.38.19
- github.com/cometbft/cometbft/security/advisories/GHSA-hrhf-2vcr-ghch