CVE-2022-23507
Light client verification not taking into account chain ID
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds.
Tendermint es un motor de consenso blockchain de alto rendimiento para aplicaciones Byzantine tolerantes a fallos. Las versiones anteriores a la 0.28.0 contienen un ataque potencial a través de Improper Verification of Cryptographic Signature, que afecta a cualquiera que utilice tendermint-light-client y paquetes relacionados para realizar la verificación del cliente ligero (por ejemplo, IBC-rs, Hermes). El cliente ligero no verifica que los ID de cadena de los encabezados confiables y no confiables coincidan, lo que genera un posible vector de ataque donde alguien que encuentre un encabezado de una cadena no confiable que satisfaga todas las demás condiciones de verificación (por ejemplo, suficientes firmas de validador superpuestas) podría engañar a un cliente ligero. Actualmente, el vector de ataque es teórico y aún no existe ninguna prueba de concepto para explotarlo en redes activas. Este problema está solucionado en la versión 0.28.0. No hay workaround.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-19 CVE Reserved
- 2022-12-15 CVE Published
- 2024-07-07 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tendermint-light-client-js Project Search vendor "Tendermint-light-client-js Project" | Tendermint-light-client-js Search vendor "Tendermint-light-client-js Project" for product "Tendermint-light-client-js" | < 0.28.0 Search vendor "Tendermint-light-client-js Project" for product "Tendermint-light-client-js" and version " < 0.28.0" | rust |
Affected
| ||||||
| Tendermint-light-client-verifier Project Search vendor "Tendermint-light-client-verifier Project" | Tendermint-light-client-verifier Search vendor "Tendermint-light-client-verifier Project" for product "Tendermint-light-client-verifier" | < 0.28.0 Search vendor "Tendermint-light-client-verifier Project" for product "Tendermint-light-client-verifier" and version " < 0.28.0" | rust |
Affected
| ||||||
| Tendermint-light-client Project Search vendor "Tendermint-light-client Project" | Tendermint-light-client Search vendor "Tendermint-light-client Project" for product "Tendermint-light-client" | < 0.28.0 Search vendor "Tendermint-light-client Project" for product "Tendermint-light-client" and version " < 0.28.0" | rust |
Affected
| ||||||