Headline
GHSA-7c94-gvvj-r3mg: cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Package: gomod github.com/cheqd/cheqd-node (Go)
Affected versions: < 1.4.2
Patched versions: 1.4.2
Description
Impact
This vulnerability, dubbed "Huckleberry", affects the ibc-go package and concerns those running full nodes. According to the IBC security advisory:
This issue is low-severity in general, and it has a low impact and likelihood of exploitation. Depending on how a full node is architected, this issue could potentially yield a high or critical severity vulnerability.
There is no vulnerability in the DID/resource modules for cheqd-node.
Patches
Node operators are requested to upgrade to cheqd-node v1.4.2. This is a non-state-breaking release and does not require a coordinated upgrade across all node operators.
Workarounds
None. Node operators are advised to upgrade to the latest release version.
References
- “Huckleberry” IBC security advisory
- ibc-go v6.1.1 release notes
References
- GHSA-7c94-gvvj-r3mg
- cheqd/cheqd-node@f325f5f
- https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731
- https://github.com/cheqd/cheqd-node/releases/tag/v1.4.2
- https://github.com/cosmos/ibc-go/releases/tag/v6.1.1
ankurdotb published to cheqd/cheqd-node: May 27, 2023
Published to the GitHub Advisory Database: Jun 5, 2023
Reviewed: Jun 5, 2023
Last updated: Jun 5, 2023