Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-halt
The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains that use the IBC protocol; it routes incoming IBC packets from a source chain to a destination chain. The packet-forward-middleware module is vulnerable to a potential chain halt due to error non-determinism.
Patches
Please patch at your earliest convenience by applying the patch version that corresponds to the chain's ibc-go major version:
- v4.1.1
- v5.2.1
- v6.1.1
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
Identifiers: GHSA-w6rp-vxj2-fjhr
References:
- https://github.com/cosmos/ibc-apps/security/advisories/GHSA-w6rp-vxj2-fjhr
- https://github.com/advisories/GHSA-w6rp-vxj2-fjhr
Blast Radius: 0.0
Affected Packages
go:github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6
Dependent packages: 6
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 6.1.1
Fixed in: 6.1.1
All affected versions: 6.1.0
All unaffected versions: 6.1.1, 6.1.2
go:github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5
Dependent packages: 3
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 5.2.1
Fixed in: 5.2.1
All affected versions: 5.2.0
All unaffected versions: 5.2.1, 5.2.2
go:github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Dependent packages: 38
Dependent repositories: 1
Downloads:
Affected Version Ranges: < 4.1.1
Fixed in: 4.1.1
All affected versions: 4.1.0
All unaffected versions: 4.1.1, 4.1.2