Name of the Vulnerable Software and Affected Versions: CometBFT versions <= v0.38.16, v1.0.0

Description: A bug in CometBFT's validation of block part indices and proof part indices can lead to incorrect processing and dissemination of invalid parts, potentially causing a network halt. This issue affects validators, full nodes, and users. The problem arises from the lack of validation of the Index field in the Part struct, allowing a malicious peer to disseminate seemingly valid block parts that can stall the network.

Recommendations: For versions <= v0.38.16, upgrade to v0.38.17 to fix the issue. For version v1.0.0, upgrade to v1.0.1 to fix the issue. As a temporary workaround, consider upgrading CometBFT to prevent the dissemination of invalid block parts. After upgrading, validators will eventually conclude the correct value.