GHSA-8724-5xmm-w5xq: CosmWasm affected by arithmetic overflows

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations.

Affected functions:

  • Uint{256,512}::pow / Int{256,512}::pow
  • Int{256,512}::neg

Affected if overflow-checks = true is not set:

  • Uint{64,128}::pow / Int{64,128}::pow
  • Int{64,128}::neg
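
The difference between wrapping and checked arithmetic for pow and neg, as an added example that is not code from the advisory or from cosmwasm-std. It assumes the primitive types u64 and i64 as stand-ins for Uint64 and Int64; MathError and the to_base_units helpers are hypothetical names.

```rust
// Added example: u64/i64 stand in for cosmwasm-std's Uint64/Int64 (assumption).
// To make plain `pow` and `-x` panic on overflow in release builds, Cargo.toml needs:
//   [profile.release]
//   overflow-checks = true

#[derive(Debug, PartialEq)]
enum MathError {
    Overflow,
}

// Wrapping forms: the result is silently reduced modulo 2^64.
fn pow_wrapping(base: u64, exp: u32) -> u64 {
    base.wrapping_pow(exp)
}

fn neg_wrapping(v: i64) -> i64 {
    v.wrapping_neg()
}

// Checked forms: overflow becomes an error the contract can return.
fn pow_checked(base: u64, exp: u32) -> Result<u64, MathError> {
    base.checked_pow(exp).ok_or(MathError::Overflow)
}

fn neg_checked(v: i64) -> Result<i64, MathError> {
    v.checked_neg().ok_or(MathError::Overflow)
}

// Hypothetical contract helper: whole tokens -> base units (amount * 10^decimals).
fn to_base_units_wrapping(amount: u64, decimals: u32) -> u64 {
    amount.wrapping_mul(pow_wrapping(10, decimals))
}

fn to_base_units_checked(amount: u64, decimals: u32) -> Result<u64, MathError> {
    let factor = pow_checked(10, decimals)?;
    amount.checked_mul(factor).ok_or(MathError::Overflow)
}

fn main() {
    // Constructed inputs: 10^20 does not fit in 64 bits.
    println!("wrapping: {}", to_base_units_wrapping(1, 20));
    println!("checked:  {:?}", to_base_units_checked(1, 20));
    println!("in range: {:?}", to_base_units_checked(5, 6));
    // i64::MIN has no positive counterpart, so negation wraps back to itself.
    println!("neg wrapping: {}", neg_wrapping(i64::MIN));
    println!("neg checked:  {:?}", neg_checked(i64::MIN));
}
```

The explicit wrapping_* and checked_* methods behave the same in every build profile, which is why the example uses them instead of plain pow and unary minus.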

Severity: Low. GitHub Reviewed. Published Apr 24, 2024 to the GitHub Advisory Database. Updated Apr 24, 2024.

Package: cargo cosmwasm-std (Rust)

Affected versions:

  • >= 1.3.0, < 1.4.4
  • >= 1.5.0, < 1.5.4
  • >= 2.0.0, < 2.0.2

Patched versions:

  • 1.4.4
  • 1.5.4
  • 2.0.2
