x/vulndb: potential Go vuln in github.com/cometbft/cometbft: GHSA-qr8r-m495-7hc4

[GoVulnBot]

In GitHub Security Advisory GHSA-qr8r-m495-7hc4, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/cometbft/cometbft	0.38.3	>= 0.38.0, < 0.38.3

Cross references:

• Module github.com/cometbft/cometbft appears in issue x/vulndb: potential Go vuln in github.com/cometbft/cometbft: GHSA-hq58-p9mv-338c #2092 NOT_A_VULNERABILITY
• Module github.com/cometbft/cometbft appears in issue x/vulndb: potential Go vuln in github.com/cometbft/cometbft: CVE-2023-34450 #1882
• Module github.com/cometbft/cometbft appears in issue x/vulndb: potential Go vuln in github.com/cometbft/cometbft: CVE-2023-34451 #1883

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cometbft/cometbft
      versions:
        - introduced: 0.38.0
          fixed: 0.38.3
      vulnerable_at: 0.38.2
      packages:
        - package: github.com/cometbft/cometbft
summary: |-
    Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package
    github.com/cometbft/cometbft
ghsas:
    - GHSA-qr8r-m495-7hc4
references:
    - advisory: https://github.com/cometbft/cometbft/security/advisories/GHSA-qr8r-m495-7hc4
    - fix: https://github.com/cometbft/cometbft/commit/5fbc97378b94b0945febe9549399e7c9c5df13ed
    - advisory: https://github.com/advisories/GHSA-qr8r-m495-7hc4

[gopherbot]

Change https://go.dev/cl/557896 mentions this issue: data/reports: add GO-2024-2471.yaml