Vulnerability Report: GO-2024-3279
- GHSA-7225-m954-23v7
- Affects: cosmossdk.io/math
- Published: Nov 21, 2024
- Modified: Dec 12, 2024
Mismatched bit-length validation in can lead to panic in cosmossdk.io/math
For detailed information about this vulnerability, visit https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-7225-m954-23v7.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.4.0
36 affected symbols
- LegacyDec.Add
- LegacyDec.AddMut
- LegacyDec.ApproxRoot
- LegacyDec.ApproxSqrt
- LegacyDec.Ceil
- LegacyDec.ImmutOp
- LegacyDec.ImmutOpInt
- LegacyDec.ImmutOpInt64
- LegacyDec.Mul
- LegacyDec.MulInt
- LegacyDec.MulInt64
- LegacyDec.MulInt64Mut
- LegacyDec.MulIntMut
- LegacyDec.MulMut
- LegacyDec.MulRoundUp
- LegacyDec.MulRoundUpMut
- LegacyDec.MulTruncate
- LegacyDec.MulTruncateMut
- LegacyDec.Power
- LegacyDec.PowerMut
- LegacyDec.Quo
- LegacyDec.QuoInt
- LegacyDec.QuoInt64
- LegacyDec.QuoMut
- LegacyDec.QuoRoundUp
- LegacyDec.QuoRoundupMut
- LegacyDec.QuoTruncate
- LegacyDec.QuoTruncateMut
- LegacyDec.Sub
- LegacyDec.SubMut
- LegacyDec.Unmarshal
- LegacyDec.UnmarshalAmino
- LegacyDec.UnmarshalJSON
- LegacyDecApproxEq
- LegacyMustNewDecFromStr
- LegacyNewDecFromStr
Aliases
References
- https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-7225-m954-23v7
- https://github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862
- https://vuln.go.dev/ID/GO-2024-3279.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.