GO-2024-2874

Source
https://pkg.go.dev/vuln/GO-2024-2874
Import Source
https://vuln.go.dev/ID/GO-2024-2874.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2024-2874
Aliases
Published
2024-05-23T14:47:35Z
Modified
2024-05-23T15:11:47.287207Z
Summary
Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go
Details

The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability. The vulnerability allowed an attacker to send arbitrary transactions onto target chains and trigger arbitrary state transitions, including, but not limited to, theft of funds. It was possible to exploit this vulnerability in specific situations involving relaying packets in which the source chain is also the final destination chain. Affected networks are those that allow for fee grant capabilities and use a native Relayer (e.g., Osmosis and Juno).

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-2874"
}
References

Affected packages

Go / github.com/cosmos/ibc-go

Package

Name
github.com/cosmos/ibc-go
Purl
pkg:golang/github.com/cosmos/ibc-go

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Go / github.com/cosmos/ibc-go/v2

Package

Name
github.com/cosmos/ibc-go/v2
Purl
pkg:golang/github.com/cosmos/ibc-go/v2

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Go / github.com/cosmos/ibc-go/v3

Package

Name
github.com/cosmos/ibc-go/v3
Purl
pkg:golang/github.com/cosmos/ibc-go/v3

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Go / github.com/cosmos/ibc-go/v4

Package

Name
github.com/cosmos/ibc-go/v4
Purl
pkg:golang/github.com/cosmos/ibc-go/v4

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Go / github.com/cosmos/ibc-go/v5

Package

Name
github.com/cosmos/ibc-go/v5
Purl
pkg:golang/github.com/cosmos/ibc-go/v5

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Go / github.com/cosmos/ibc-go/v6

Package

Name
github.com/cosmos/ibc-go/v6
Purl
pkg:golang/github.com/cosmos/ibc-go/v6

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Go / github.com/cosmos/ibc-go/v7

Package

Name
github.com/cosmos/ibc-go/v7
Purl
pkg:golang/github.com/cosmos/ibc-go/v7

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.0.1

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Keeper.UnreceivedPackets"
            ],
            "path": "github.com/cosmos/ibc-go/v7/modules/core/04-channel/keeper"
        }
    ]
}