Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot

cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability

Impact

This vulnerability affects the ibc-go package for those running full nodes, dubbed "Huckleberry". According to their advisory:

This issue is low-severity in general, and it has a low impact and likelihood of exploitation. Depending on how a full node is architected, this issue could potentially yield a high or critical severity vulnerability.

There is no vulnerability in the DID/resource modules for cheqd-node.

Patches

Node operators are requested to upgrade to cheqd-node v1.4.2. This is a non-state breaking release, and does not require a coordinated upgrade across all node operators.

Workarounds

No. Node operators are recommended to upgrade to the latest release version.

References

• "Huckleberry" IBC security advisory
• ibc-go v6.1.1 release notes

Permalink: https://github.com/advisories/GHSA-7c94-gvvj-r3mg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: over 1 year ago

Identifiers: GHSA-7c94-gvvj-r3mg
References:

• https://github.com/cheqd/cheqd-node/security/advisories/GHSA-7c94-gvvj-r3mg
• https://github.com/cheqd/cheqd-node/commit/f325f5f250e150e3e76a5a557669f67b606e34e1
• https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731
• https://github.com/cheqd/cheqd-node/releases/tag/v1.4.2
• https://github.com/cosmos/ibc-go/releases/tag/v6.1.1
• https://github.com/advisories/GHSA-7c94-gvvj-r3mg

Repository: https://github.com/cheqd/cheqd-node
Blast Radius: 0.0

Affected Packages