GHSA-w6rp-vxj2-fjhr

Source

https://github.com/advisories/GHSA-w6rp-vxj2-fjhr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w6rp-vxj2-fjhr/GHSA-w6rp-vxj2-fjhr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w6rp-vxj2-fjhr

Aliases

GO-2023-2156

Published

2023-10-26T23:10:19Z

Modified

2024-08-21T14:57:07.751723Z

Summary

Cosmos packet-forward-middleware vulnerable to chain-halt

Details

The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a destination chain. The packet-forward-middleware module is vulnerable to potential chain-halt due to error non-determinism.

Patches

Please patch at your earliest convenience by applying one of the following patch versions, respective to the chain's ibc-go major version: v4.1.1 v5.2.1 v6.1.1

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-26T23:10:19Z"
}

References

Affected packages

Go / github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4

Package

Name: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.1

Go / github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5

Package

Name: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.1

Go / github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6

Package

Name: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.1