GO-2024-2874

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2024-2874

Import Source

https://vuln.go.dev/ID/GO-2024-2874.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2024-2874

Aliases

GHSA-qjcv-rx3v-7mvj

Published

2024-05-23T14:47:35Z

Modified

2026-03-03T04:55:25.749521Z

Summary

Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go

Details

The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability. The vulnerability allowed an attacker to send arbitrary transactions onto target chains and trigger arbitrary state transitions, including but not limited to, theft of funds. It was possible to exploit this vulnerability in specific situations involving relaying packets in which the source chain is also the final destination chain. Affected networks are those that allow for fee grant capabilities and use a native Relayer (e.g., Osmosis and Juno).

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2024-2874",
    "review_status": "REVIEWED"
}

References

Affected packages

github.com/cosmos/ibc-go

Package

Name: github.com/cosmos/ibc-go; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-go

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://vuln.go.dev/ID/GO-2024-2874.json"

github.com/cosmos/ibc-go/v2

Package

Name: github.com/cosmos/ibc-go/v2; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-go/v2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://vuln.go.dev/ID/GO-2024-2874.json"

github.com/cosmos/ibc-go/v3

Package

Name: github.com/cosmos/ibc-go/v3; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-go/v3

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://vuln.go.dev/ID/GO-2024-2874.json"

github.com/cosmos/ibc-go/v4

Package

Name: github.com/cosmos/ibc-go/v4; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-go/v4

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://vuln.go.dev/ID/GO-2024-2874.json"

github.com/cosmos/ibc-go/v5

Package

Name: github.com/cosmos/ibc-go/v5; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-go/v5

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://vuln.go.dev/ID/GO-2024-2874.json"

github.com/cosmos/ibc-go/v6

Package

Name: github.com/cosmos/ibc-go/v6; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-go/v6

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://vuln.go.dev/ID/GO-2024-2874.json"

github.com/cosmos/ibc-go/v7

Package

Name: github.com/cosmos/ibc-go/v7; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/ibc-go/v7

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.1

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Keeper.UnreceivedPackets"
            ],
            "path": "github.com/cosmos/ibc-go/v7/modules/core/04-channel/keeper"
        }
    ]
}

Database specific

source

"https://vuln.go.dev/ID/GO-2024-2874.json"