RUSTSEC-2024-0338

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2024-0338
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0338.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2024-0338
Aliases
Published
2024-04-24T12:00:00Z
Modified
2025-07-28T16:27:06.685643Z
Summary
Arithmetic overflows in cosmwasm-std
Details

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations.

Affected functions:

  • Uint{256,512}::pow / Int{256,512}::pow
  • Int{256,512}::neg

Affected if overflow-checks = true is not set:

  • Uint{64,128}::pow / Int{64,128}::pow
  • Int{64,128}::neg
Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / cosmwasm-std

Package

Name
cosmwasm-std
View open source insights on deps.dev
Purl
pkg:cargo/cosmwasm-std

Affected ranges

Type
SEMVER
Events
Introduced
1.3.0
Fixed
1.4.4
Introduced
1.5.0
Fixed
1.5.4
Introduced
2.0.0
Fixed
2.0.2

Ecosystem specific 

{
    "affects": {
        "arch": [],
        "os": [],
        "functions": []
    },
    "affected_functions": null
}

Database specific

categories

[]

informational

null

cvss

null