GHSA-r3r4-g7hq-pq4f: CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts
- Name: ASA-2025-002: Malicious peer can stall network by disseminating seemingly valid block parts
- Component: CometBFT
- Criticality: High (Catastrophic Impact; Possible Likelihood per ACMv1.2)
- Affected versions: <= v0.38.16, v1.0.0
- Affected users: Validators, Full nodes, Users
References
- github.com/advisories/GHSA-r3r4-g7hq-pq4f
- github.com/cometbft/cometbft
- github.com/cometbft/cometbft/commit/415c0da223bb7694608913f725fa45bd7a7a46bf
- github.com/cometbft/cometbft/commit/f943aabc7b9201ea1089ff3381479929435ce424
- github.com/cometbft/cometbft/security/advisories/GHSA-r3r4-g7hq-pq4f
- pkg.go.dev/vuln/GO-2025-3443