
Cloud Vulnerability DB
A community-led vulnerabilities database
immudb is a database with built-in cryptographic proof and verification. In client SDK versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that the client SDK accepts, signing a falsified transaction in place of the genuine one. This vulnerability (CVE-2022-36111) was discovered through an internal security review and affects only the immudb client SDKs; the immudb server itself is not affected. The issue was disclosed on November 23, 2022 (NVD, GitHub Advisory).
The vulnerability stems from insufficient verification, in the client SDK, of the proofs generated by the immudb server. immudb uses a Merkle tree enhanced with an additional linear part to perform consistency proofs between transactions. When doing consistency checks between two immudb states, the linear proof part is not fully checked: only its first and last entries are verified against the new Merkle tree, without ensuring that the elements in the middle of that chain are correctly added as Merkle tree leaves. This missing check allows the server to present one set of hashes in the linear proof part and a different set later, once those entries have become part of the Merkle tree (GitHub Advisory).
The vulnerability could allow a malicious server to expose two different transaction entries, depending on which other transaction the user requested a consistency proof against. This means a client could write data and receive confirmation, but later, when retrieving that same transaction, receive completely different data that would still validate against the current database state (GitHub Advisory).
The vulnerability has been patched in version 1.4.1 of the immudb client SDK. As a workaround, users can run a genuine immudb replica server in a safe environment and fully synchronize all databases with the primary, so that the server the client talks to does not produce invalid proofs (GitHub Advisory).
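As an added illustration (not immudb's own code, and a deliberately simplified model of its proof format), the Go snippet below models a client state as a Merkle root plus a linear part of later transaction hashes, and contrasts an endpoint-only check of the linear part with one that verifies every linear entry against the leaf it became in the newer tree; the tree layout, hashing and transaction data are constructed assumptions.

```go
package main
import "crypto/sha256"

// Hash is a SHA-256 digest; each transaction is modelled as one leaf hash (simplified model).
type Hash = [32]byte
func leafHash(data []byte) Hash { return sha256.Sum256(append([]byte{0}, data...)) }
func nodeHash(l, r Hash) Hash  { return sha256.Sum256(append(append([]byte{1}, l[:]...), r[:]...)) }
// merkleRoot folds the leaves pairwise (an odd last node is duplicated) up to one root.
func merkleRoot(leaves []Hash) Hash {
	if len(leaves) == 1 {
		return leaves[0]
	}
	lvl := append([]Hash{}, leaves...) // copy so the caller's slice is never mutated
	if len(lvl)%2 == 1 {
		lvl = append(lvl, lvl[len(lvl)-1])
	}
	var next []Hash
	for i := 0; i < len(lvl); i += 2 {
		next = append(next, nodeHash(lvl[i], lvl[i+1]))
	}
	return merkleRoot(next)
}
// verifyConsistency checks the leaf list a server claims for a newer state against what the
// client remembers: a root over the first treeLen transactions plus the linear part (hashes
// of later transactions not yet in the tree). strict=false mirrors the flawed endpoint check.
func verifyConsistency(treeLen int, oldRoot Hash, linear, newLeaves []Hash, newRoot Hash, strict bool) bool {
	if treeLen == 0 || len(linear) == 0 || len(newLeaves) < treeLen+len(linear) ||
		merkleRoot(newLeaves) != newRoot || merkleRoot(newLeaves[:treeLen]) != oldRoot {
		return false // bad root, or the old tree is not a prefix of the new one
	}
	for i, h := range linear {
		if !strict && i != 0 && i != len(linear)-1 {
			continue // flawed: entries in the middle of the linear chain are never compared
		}
		if newLeaves[treeLen+i] != h { // each linear entry must equal the leaf it became
			return false
		}
	}
	return true
}
// scenario: the client trusted 2 tree leaves plus a 3-entry linear part; the server later swaps the middle one.
func scenario() (flawedAccepts, strictAccepts bool) {
	tx := func(s string) Hash { return leafHash([]byte(s)) } // constructed sample data
	honest := []Hash{tx("tx1"), tx("tx2"), tx("tx3"), tx("tx4"), tx("tx5"), tx("tx6")}
	oldRoot, linear := merkleRoot(honest[:2]), honest[2:5]
	forged := append([]Hash{}, honest...)
	forged[3] = tx("tx4-swapped") // the middle of the linear part no longer matches
	root := merkleRoot(forged)
	return verifyConsistency(2, oldRoot, linear, forged, root, false), verifyConsistency(2, oldRoot, linear, forged, root, true)
}
```

With the endpoint-only check the swapped tree is accepted because its first and last linear entries still match; the full check rejects it.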
Source: This report was generated using AI