CVE-2022-23507 - OpenCVE

Vendors	Products
Tendermint-light-client-js Project	Tendermint-light-client-js
Tendermint-light-client-verifier Project	Tendermint-light-client-verifier
Tendermint-light-client Project	Tendermint-light-client

Link	Providers
https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23507", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.774Z", "datePublished": "2022-12-15T00:01:04.540Z", "dateUpdated": "2024-08-03T03:43:46.470Z"}, "containers": {"cna": {"title": "Light client verification not taking into account chain ID", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5"}], "affected": [{"vendor": "informalsystems", "product": "tendermint-rs", "versions": [{"version": "0.28.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-15T00:01:04.540Z"}, "descriptions": [{"lang": "en", "value": "Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds."}], "source": {"advisory": "GHSA-xqqc-c5gw-c5r5", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.470Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tendermint-light-client-js_project:tendermint-light-client-js:*:*:*:*:rust:*:*:*", "matchCriteriaId": "8AE9A733-0849-4587-8F47-A03E662F71B2", "versionEndExcluding": "0.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tendermint-light-client-verifier_project:tendermint-light-client-verifier:*:*:*:*:*:rust:*:*", "matchCriteriaId": "6722E7A5-A823-40C0-87A7-C13CABAD9466", "versionEndExcluding": "0.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tendermint-light-client_project:tendermint-light-client:*:*:*:*:rust:*:*:*", "matchCriteriaId": "0DF43910-4B14-414A-A96D-947A5D4EC035", "versionEndExcluding": "0.28.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds."}, {"lang": "es", "value": "Tendermint es un motor de consenso blockchain de alto rendimiento para aplicaciones Byzantine tolerantes a fallos. Las versiones anteriores a la 0.28.0 contienen un ataque potencial a trav\u00e9s de Improper Verification of Cryptographic Signature, que afecta a cualquiera que utilice tendermint-light-client y paquetes relacionados para realizar la verificaci\u00f3n del cliente ligero (por ejemplo, IBC-rs, Hermes). El cliente ligero no verifica que los ID de cadena de los encabezados confiables y no confiables coincidan, lo que genera un posible vector de ataque donde alguien que encuentre un encabezado de una cadena no confiable que satisfaga todas las dem\u00e1s condiciones de verificaci\u00f3n (por ejemplo, suficientes firmas de validador superpuestas) podr\u00eda enga\u00f1ar a un cliente ligero. Actualmente, el vector de ataque es te\u00f3rico y a\u00fan no existe ninguna prueba de concepto para explotarlo en redes activas. Este problema est\u00e1 solucionado en la versi\u00f3n 0.28.0. No hay workaround."}], "id": "CVE-2022-23507", "lastModified": "2022-12-20T16:14:56.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-12-15T19:15:16.723", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object