Incorrect Calculation Affecting cosmwasm-vm package, versions <1.5.8>=2.0.0 <2.0.7>=2.1.0 <2.1.4
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RUST-COSMWASMVM-8496399
- published11 Dec 2024
- disclosed10 Dec 2024
- creditmeadow101
Introduced: 10 Dec 2024
New CVE NOT AVAILABLE CWE-682 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade cosmwasm-vm to version 1.5.8, 2.0.7, 2.1.4 or higher.
Overview
cosmwasm-vm is a VM binding for cosmwams contracts
Affected versions of this package are vulnerable to Incorrect Calculation due to incorrect metering logic. An attacker can manipulate the execution of smart contracts by exploiting the flawed metering mechanism which fails to accurately account for resource consumption.