GHSA-7225-m954-23v7: ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic

November 20, 2024

Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High (Considerable Impact, and Possible Likelihood per ACMv1.2) Affected versions: cosmossdk.io/math package versions <= math/v1.3.0 Affected users: Chain Builders + Maintainers, Validators

References

github.com/advisories/GHSA-7225-m954-23v7
github.com/cosmos/cosmos-sdk
github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862
github.com/cosmos/cosmos-sdk/security/advisories/GHSA-7225-m954-23v7

Detect and mitigate GHSA-7225-m954-23v7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →