GHSA-8724-5xmm-w5xq

Suggest an improvement
Source
https://github.com/advisories/GHSA-8724-5xmm-w5xq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-8724-5xmm-w5xq/GHSA-8724-5xmm-w5xq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8724-5xmm-w5xq
Aliases
Published
2024-04-24T17:37:59Z
Modified
2024-04-27T02:11:41.328520Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
CosmWasm affected by arithmetic overflows
Details

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations.

Affected functions:

  • Uint{256,512}::pow / Int{256,512}::pow
  • Int{256,512}::neg

Affected if overflow-checks = true is not set:

  • Uint{64,128}::pow / Int{64,128}::pow
  • Int{64,128}::neg
Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-190"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T17:37:59Z"
}
References

Affected packages

crates.io / cosmwasm-std

Package

Affected ranges

Type
SEMVER
Events
Introduced
1.3.0
Fixed
1.4.4

crates.io / cosmwasm-std

Package

Affected ranges

Type
SEMVER
Events
Introduced
1.5.0
Fixed
1.5.4

crates.io / cosmwasm-std

Package

Affected ranges

Type
SEMVER
Events
Introduced
2.0.0
Fixed
2.0.2