{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T02:29:07.293","vulnerabilities":[{"cve":{"id":"CVE-2020-15091","sourceIdentifier":"security-advisories@github.com","published":"2020-07-02T17:15:12.547","lastModified":"2024-11-21T05:04:47.290","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit."},{"lang":"es","value":"TenderMint desde versión 0.33.0 y anteriores a versión 0.33.6, permite a proponentes de bloque incluir firmas para el bloque equivocado. Esto puede suceder naturalmente si inicia una red, la hace funcionar durante un tiempo y la reinicia (**without changing chainID**). Un proponente de bloque malicioso (inclusive con una cantidad mínima de participación) puede usar esta vulnerabilidad para detener completamente la red. Este problema es corregido en Tendermint versión 0.33.6, que comprueba que todas las firmas son para el bloque con una mayoría de 2/3+ antes de crear una confirmación"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tendermint:tendermint:*:*:*:*:*:*:*:*","versionStartIncluding":"0.33.0","versionEndExcluding":"0.33.6","matchCriteriaId":"48BDDFA1-3EF9-4F28-9686-41B9A2898B79"}]}]}],"references":[{"url":"https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tendermint/tendermint/issues/4926","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/tendermint/tendermint/security/advisories/GHSA-6jqj-f58p-mrw3","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tendermint/tendermint/issues/4926","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/tendermint/tendermint/security/advisories/GHSA-6jqj-f58p-mrw3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}