-
Notifications
You must be signed in to change notification settings - Fork 64
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 2 needs review reports
- data/reports/GO-2025-3448.yaml - data/reports/GO-2025-3449.yaml Updates #3448 Updates #3449 Change-Id: Ia36b7c1627053f98f3c7503729d0a474c4f0f8e8 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/647056 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>
- Loading branch information
Showing
4 changed files
with
248 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3448", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "GHSA-23qp-3c2m-xx6w" | ||
| ], | ||
| "summary": "wasmvm: Malicious smart contract can crash the chain in github.com/CosmWasm/wasmvm", | ||
| "details": "wasmvm: Malicious smart contract can crash the chain in github.com/CosmWasm/wasmvm", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/CosmWasm/wasmvm", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.5.8" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/CosmWasm/wasmvm/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "2.0.0" | ||
| }, | ||
| { | ||
| "fixed": "2.0.6" | ||
| }, | ||
| { | ||
| "introduced": "2.1.0" | ||
| }, | ||
| { | ||
| "fixed": "2.1.5" | ||
| }, | ||
| { | ||
| "introduced": "2.2.0" | ||
| }, | ||
| { | ||
| "fixed": "2.2.2" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-23qp-3c2m-xx6w" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/CosmWasm/wasmvm/commit/0aefa4c378457aeb3c07e7975b875be38872c56d" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/CosmWasm/wasmvm/commit/1151bc6df7d02d1889b8da37cf8510eaf4198eea" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/CosmWasm/wasmvm/commit/8d44a286fabc793a2fba93752e58cd0fd5b88a2d" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/CosmWasm/wasmvm/commit/d4ff2adee44e6b9f7415a5dfbb3de745ab9b7678" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2025-001.md" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3448", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3449", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "GHSA-mx2j-7cmv-353c" | ||
| ], | ||
| "summary": "wasmvm: Malicious smart contract can slow down block production in github.com/CosmWasm/wasmvm", | ||
| "details": "wasmvm: Malicious smart contract can slow down block production in github.com/CosmWasm/wasmvm", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/CosmWasm/wasmvm", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.5.8" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/CosmWasm/wasmvm/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "2.0.0" | ||
| }, | ||
| { | ||
| "fixed": "2.0.6" | ||
| }, | ||
| { | ||
| "introduced": "2.1.0" | ||
| }, | ||
| { | ||
| "fixed": "2.1.5" | ||
| }, | ||
| { | ||
| "introduced": "2.2.0" | ||
| }, | ||
| { | ||
| "fixed": "2.2.2" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-mx2j-7cmv-353c" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2025-002.md" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/CosmWasm/cosmwasm/commit/2b7f2faa57a1efc8207455c37f87f1eee6035a27" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/CosmWasm/cosmwasm/commit/a5d62f65b5eb947ebe40e2085b1c48a9d0a244d0" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/CosmWasm/cosmwasm/commit/d6143b0aff16a39bbea4be37597d8e9d9b213d3b" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/CosmWasm/cosmwasm/commit/f0c04c03cbe2557634c1bbcdc2ce203fe7caca58" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3449", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| id: GO-2025-3448 | ||
| modules: | ||
| - module: github.com/CosmWasm/wasmvm | ||
| versions: | ||
| - fixed: 1.5.8 | ||
| vulnerable_at: 1.5.7 | ||
| - module: github.com/CosmWasm/wasmvm/v2 | ||
| versions: | ||
| - introduced: 2.0.0 | ||
| - fixed: 2.0.6 | ||
| - introduced: 2.1.0 | ||
| - fixed: 2.1.5 | ||
| - introduced: 2.2.0 | ||
| - fixed: 2.2.2 | ||
| vulnerable_at: 2.2.1 | ||
| summary: 'wasmvm: Malicious smart contract can crash the chain in github.com/CosmWasm/wasmvm' | ||
| ghsas: | ||
| - GHSA-23qp-3c2m-xx6w | ||
| references: | ||
| - advisory: https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-23qp-3c2m-xx6w | ||
| - fix: https://github.com/CosmWasm/wasmvm/commit/0aefa4c378457aeb3c07e7975b875be38872c56d | ||
| - fix: https://github.com/CosmWasm/wasmvm/commit/1151bc6df7d02d1889b8da37cf8510eaf4198eea | ||
| - fix: https://github.com/CosmWasm/wasmvm/commit/8d44a286fabc793a2fba93752e58cd0fd5b88a2d | ||
| - fix: https://github.com/CosmWasm/wasmvm/commit/d4ff2adee44e6b9f7415a5dfbb3de745ab9b7678 | ||
| - web: https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2025-001.md | ||
| source: | ||
| id: GHSA-23qp-3c2m-xx6w | ||
| created: 2025-02-05T18:05:10.210601-05:00 | ||
| review_status: NEEDS_REVIEW |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| id: GO-2025-3449 | ||
| modules: | ||
| - module: github.com/CosmWasm/wasmvm | ||
| versions: | ||
| - fixed: 1.5.8 | ||
| vulnerable_at: 1.5.7 | ||
| - module: github.com/CosmWasm/wasmvm/v2 | ||
| versions: | ||
| - introduced: 2.0.0 | ||
| - fixed: 2.0.6 | ||
| - introduced: 2.1.0 | ||
| - fixed: 2.1.5 | ||
| - introduced: 2.2.0 | ||
| - fixed: 2.2.2 | ||
| vulnerable_at: 2.2.1 | ||
| summary: 'wasmvm: Malicious smart contract can slow down block production in github.com/CosmWasm/wasmvm' | ||
| ghsas: | ||
| - GHSA-mx2j-7cmv-353c | ||
| references: | ||
| - advisory: https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-mx2j-7cmv-353c | ||
| - web: https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2025-002.md | ||
| - web: https://github.com/CosmWasm/cosmwasm/commit/2b7f2faa57a1efc8207455c37f87f1eee6035a27 | ||
| - web: https://github.com/CosmWasm/cosmwasm/commit/a5d62f65b5eb947ebe40e2085b1c48a9d0a244d0 | ||
| - web: https://github.com/CosmWasm/cosmwasm/commit/d6143b0aff16a39bbea4be37597d8e9d9b213d3b | ||
| - web: https://github.com/CosmWasm/cosmwasm/commit/f0c04c03cbe2557634c1bbcdc2ce203fe7caca58 | ||
| source: | ||
| id: GHSA-mx2j-7cmv-353c | ||
| created: 2025-02-05T18:05:06.244469-05:00 | ||
| review_status: NEEDS_REVIEW |