GO-2024-3339

Source
https://pkg.go.dev/vuln/GO-2024-3339
Import Source
https://vuln.go.dev/ID/GO-2024-3339.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2024-3339
Aliases
Published
2024-12-18T16:35:57Z
Modified
2024-12-20T21:48:20Z
Summary
Transaction decoding may result in a stack overflow or resource exhaustion in github.com/cosmos/cosmos-sdk
Details

Transaction decoding may result in a stack overflow or resource exhaustion in github.com/cosmos/cosmos-sdk

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-3339"
}
References

Affected packages

Go / cosmossdk.io/x/tx

Package

Name
cosmossdk.io/x/tx
View open source insights on deps.dev
Purl
pkg:golang/cosmossdk.io/x/tx

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.7

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Decoder.Decode",
                "RejectUnknownFields",
                "RejectUnknownFieldsStrict"
            ],
            "path": "cosmossdk.io/x/tx/decode"
        }
    ]
}

Go / github.com/cosmos/cosmos-sdk

Package

Name
github.com/cosmos/cosmos-sdk
View open source insights on deps.dev
Purl
pkg:golang/github.com/cosmos/cosmos-sdk

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.47.15
Introduced
0.50.0-alpha.0
Fixed
0.50.11

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "interfaceRegistry.UnpackAny"
            ],
            "path": "github.com/cosmos/cosmos-sdk/codec/types"
        },
        {
            "symbols": [
                "RejectUnknownFields",
                "RejectUnknownFieldsStrict"
            ],
            "path": "github.com/cosmos/cosmos-sdk/codec/unknownproto"
        }
    ]
}