GHSA-4G52-PQCJ-PHVH

Vulnerability from github – Published: 2021-05-21 16:23 – Updated: 2021-05-20 20:51
VLAI?
Summary
BLS Signature "Malleability"
Details

Impact

  1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays.
  2. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block.

The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique.

Patches

By switching from the go based blst bindings over to the bindings in filecoin-ffi, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393

References

  • Original POC: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filecoin-project/lotus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21405"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-20T20:51:00Z",
    "nvd_published_at": "2021-04-15T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - \"serialized\", and \"compressed\", meaning that BLS signatures can be provided as either of 2 unique byte arrays.\n2. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block.\n\nThe result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique.\n\n### Patches\n\nBy switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized.\nThis happened in https://github.com/filecoin-project/lotus/pull/5393\n\n\n### References\n\n- Original POC: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754",
  "id": "GHSA-4g52-pqcj-phvh",
  "modified": "2021-05-20T20:51:00Z",
  "published": "2021-05-21T16:23:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21405"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filecoin-project/lotus/pull/5393"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "BLS Signature \"Malleability\""
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.