Vulnerability Report: GO-2025-3448
- GHSA-23qp-3c2m-xx6w
- Affects: github.com/CosmWasm/wasmvm, github.com/CosmWasm/wasmvm/v2, and 2 more
- Published: Feb 05, 2025
- Modified: Mar 18, 2025
Malicious smart contract can crash the chain in github.com/CosmWasm/wasmvm
For detailed information about this vulnerability, visit https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-23qp-3c2m-xx6w.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.5.8all symbols
-
before v2.0.6all symbols
-
before v2.1.5all symbols
-
before v2.2.2all symbols
Aliases
References
- https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-23qp-3c2m-xx6w
- https://github.com/CosmWasm/wasmvm/commit/0aefa4c378457aeb3c07e7975b875be38872c56d
- https://github.com/CosmWasm/wasmvm/commit/1151bc6df7d02d1889b8da37cf8510eaf4198eea
- https://github.com/CosmWasm/wasmvm/commit/8d44a286fabc793a2fba93752e58cd0fd5b88a2d
- https://github.com/CosmWasm/wasmvm/commit/d4ff2adee44e6b9f7415a5dfbb3de745ab9b7678
- https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2025-001.md
- https://vuln.go.dev/ID/GO-2025-3448.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.