
GHSA-m3rh-cvr5-x6q4 github.com/cosmwasm/wasmd

Package

Manager: go
Name: github.com/cosmwasm/wasmd
Vulnerable Version: >=0 <0.52

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

CosmWasm wasmd has large address count in ValidateBasic

**Component:** wasmd
**Criticality:** Low ([ACMv1](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Moderate; L:Unlikely)
**Patched versions:** wasmd 0.52.0

In multiple wasmd message types it was possible to add a large number of addresses which might lead to unexpected resource consumption in ValidateBasic. See [CWA-2024-003](https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-003.md) for more details.

Metadata

Created: 2024-08-08T16:36:26Z
Modified: 2024-11-18T16:27:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-m3rh-cvr5-x6q4/GHSA-m3rh-cvr5-x6q4.json
CWE IDs: ["CWE-400"]
Alternative ID: N/A
Finding: F067
Auto approve: 1