VDB
GO-2025-3442
GO-2025-3442
PUBLISHED
CometBFT allows a malicious peer to make node stuck in blocksync in github.com/cometbft/cometbft
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | cometbft/cometbft | 0, 0, 0 |
Timeline
- Feb 4, 2025 CVE Published
- Nov 18, 2025 CVE Updated
References
- https://github.com/cometbft/cometbft/security/advisories/GHSA-22qq-3xwm-r5x4 advisory
- https://github.com/cometbft/cometbft/commit/0ee80cd609c7ae9fe856bdd1c6d38553fdae90ce fix
- https://github.com/cometbft/cometbft/commit/2cebfde06ae5073c0b296a9d2ca6ab4b95397ea5 fix
- https://github.com/cometbft/cometbft/releases/tag/v0.38.17 fix
- https://github.com/cometbft/cometbft/releases/tag/v1.0.1 fix