Headline
GHSA-w6rp-vxj2-fjhr: Cosmos packet-forward-middleware vulnerable to chain-halt
The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a destination chain. The packet-forward-middleware module is vulnerable to potential chain-halt due to error non-determinism.
Patches
Please patch at your earliest convenience by applying one of the following patch versions, respective to the chain’s ibc-go major version: v4.1.1 v5.2.1 v6.1.1
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-w6rp-vxj2-fjhr
Cosmos packet-forward-middleware vulnerable to chain-halt
High severity GitHub Reviewed Published Oct 25, 2023 in cosmos/ibc-apps • Updated Oct 26, 2023
Package
gomod github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4 (Go)
Affected versions
< 4.1.1
gomod github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5 (Go)
gomod github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6 (Go)
The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a destination chain. The packet-forward-middleware module is vulnerable to potential chain-halt due to error non-determinism.
Patches
Please patch at your earliest convenience by applying one of the following patch versions, respective to the chain’s ibc-go major version:
v4.1.1
v5.2.1
v6.1.1
References
- GHSA-w6rp-vxj2-fjhr
Published to the GitHub Advisory Database
Oct 26, 2023
Last updated
Oct 26, 2023