Vulnerability Report: GO-2025-3449
- GHSA-mx2j-7cmv-353c
- Affects: github.com/CosmWasm/wasmvm, github.com/CosmWasm/wasmvm/v2
- Published: Feb 05, 2025
- Unreviewed
wasmvm: Malicious smart contract can slow down block production in github.com/CosmWasm/wasmvm
For detailed information about this vulnerability, visit https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-mx2j-7cmv-353c.
Affected Modules
-
PathGo Versions
-
before v1.5.8
-
from v2.0.0 before v2.0.6, from v2.1.0 before v2.1.5, from v2.2.0 before v2.2.2
Aliases
References
- https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-mx2j-7cmv-353c
- https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2025-002.md
- https://github.com/CosmWasm/cosmwasm/commit/2b7f2faa57a1efc8207455c37f87f1eee6035a27
- https://github.com/CosmWasm/cosmwasm/commit/a5d62f65b5eb947ebe40e2085b1c48a9d0a244d0
- https://github.com/CosmWasm/cosmwasm/commit/d6143b0aff16a39bbea4be37597d8e9d9b213d3b
- https://github.com/CosmWasm/cosmwasm/commit/f0c04c03cbe2557634c1bbcdc2ce203fe7caca58
- https://vuln.go.dev/ID/GO-2025-3449.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.