Cosmos packet-forward-middleware vulnerable to chain-halt

High severity • GitHub Reviewed • Published Oct 25, 2023 in cosmos/ibc-apps • Updated Oct 26, 2023

Package: gomod github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4 (Go)
Affected versions: < 4.1.1
Patched versions: 4.1.1

Package: gomod github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5 (Go)
Affected versions: < 5.2.1
Patched versions: 5.2.1

Package: gomod github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6 (Go)
Affected versions: < 6.1.1
Patched versions: 6.1.1

Description

The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains that use the IBC protocol; it routes incoming IBC packets from a source chain to a destination chain. The module is vulnerable to a potential chain halt due to error non-determinism.

Patches

Please patch at your earliest convenience by applying the patch version that corresponds to the chain's ibc-go major version:
v4.1.1
v5.2.1
v6.1.1
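
One way to check a chain's go.mod against the versions listed in this advisory (an added example, not code from cosmos/ibc-apps). The function names, the verdict strings and the sample input are assumptions made for illustration; only the module path and version numbers come from the advisory.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Fixed versions per major, copied from the advisory.
var patched = map[string][3]int{"4": {4, 1, 1}, "5": {5, 2, 1}, "6": {6, 1, 1}}

// Matches a go.mod requirement on packet-forward-middleware, e.g. ".../v4 v4.1.0".
var reqRe = regexp.MustCompile(
	`github\.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v(\d+)\s+(v(\d+)\.(\d+)\.(\d+)(-\S+)?)`)

// checkGoMod maps each pinned version to "affected", "patched" or "not listed" (major not in the advisory).
func checkGoMod(gomod string) map[string]string {
	out := map[string]string{}
	for _, m := range reqRe.FindAllStringSubmatch(gomod, -1) {
		var got [3]int
		for i := range got {
			got[i], _ = strconv.Atoi(m[3+i])
		}
		fix, ok := patched[m[1]]
		switch {
		case !ok:
			out[m[2]] = "not listed"
		case less(got, fix) || (got == fix && m[6] != ""):
			// A pre-release or pseudo-version of the fixed tag sorts before the tag itself.
			out[m[2]] = "affected"
		default:
			out[m[2]] = "patched"
		}
	}
	return out
}

func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

func main() {
	fmt.Println(checkGoMod("require github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4 v4.1.0")) // constructed input
}
```

The check also matches replace directives that pin the module, so a fork pinned to an older version is reported as well.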

References

@agouin published to cosmos/ibc-apps Oct 25, 2023
Published to the GitHub Advisory Database Oct 26, 2023
Reviewed Oct 26, 2023
Last updated Oct 26, 2023

Severity

High

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-w6rp-vxj2-fjhr

Source code
