GO-2024-3339

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2024-3339

Import Source

https://vuln.go.dev/ID/GO-2024-3339.json

JSON Data

https://api.test.osv.dev/v1/vulns/GO-2024-3339

Aliases

GHSA-8wcc-m6j2-qxvm

Published

2024-12-18T16:35:57Z

Modified

2024-12-20T21:48:20Z

Summary

Transaction decoding may result in a stack overflow or resource exhaustion in github.com/cosmos/cosmos-sdk

Details

Transaction decoding may result in a stack overflow or resource exhaustion in github.com/cosmos/cosmos-sdk

Database specific

{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-3339"
}

References

Affected packages

Go / cosmossdk.io/x/tx

Package

Name: cosmossdk.io/x/tx; View open source insights on deps.dev
Purl: pkg:golang/cosmossdk.io/x/tx

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.13.7

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Decoder.Decode",
                "RejectUnknownFields",
                "RejectUnknownFieldsStrict"
            ],
            "path": "cosmossdk.io/x/tx/decode"
        }
    ]
}

Go / github.com/cosmos/cosmos-sdk

Package

Name: github.com/cosmos/cosmos-sdk; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/cosmos-sdk

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.47.15

Introduced

0.50.0-alpha.0

Fixed

0.50.11

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "interfaceRegistry.UnpackAny"
            ],
            "path": "github.com/cosmos/cosmos-sdk/codec/types"
        },
        {
            "symbols": [
                "RejectUnknownFields",
                "RejectUnknownFieldsStrict"
            ],
            "path": "github.com/cosmos/cosmos-sdk/codec/unknownproto"
        }
    ]
}