blob: 92b98115533d228df215aa9bade5c4da39107346 [file] [log] [blame]
id: GO-2023-1860
modules:
- module: github.com/cosmos/ibc-go/v7
versions:
- fixed: 7.0.1
vulnerable_at: 7.0.0
packages:
- package: github.com/cosmos/ibc-go/v7/modules/core/04-channel/keeper
symbols:
- Keeper.UnreceivedPackets
- package: github.com/cosmos/ibc-go/v7/modules/core/keeper
symbols:
- Keeper.RecvPacket
derived_symbols:
- Keeper.UnreceivedPackets
- module: github.com/cosmos/ibc-go/v6
versions:
- fixed: 6.1.1
vulnerable_at: 6.1.0
packages:
- package: github.com/cosmos/ibc-go/v6/modules/core/04-channel/keeper
symbols:
- Keeper.UnreceivedPackets
skip_fix: v6.1.0 does not build without replace directives
- package: github.com/cosmos/ibc-go/v6/modules/core/keeper
symbols:
- Keeper.RecvPacket
skip_fix: v6.1.0 does not build without replace directives
- module: github.com/cosmos/ibc-go/v5
versions:
- fixed: 5.2.1
- introduced: 5.3.0
- fixed: 5.3.1
vulnerable_at: 5.3.0
packages:
- package: github.com/cosmos/ibc-go/v5/modules/core/04-channel/keeper
symbols:
- Keeper.UnreceivedPackets
skip_fix: v5.3.0 does not build without replace directives
- package: github.com/cosmos/ibc-go/v5/modules/core/keeper
symbols:
- Keeper.RecvPacket
skip_fix: v5.3.0 does not build without replace directives
- module: github.com/cosmos/ibc-go/v4
versions:
- fixed: 4.1.3
- introduced: 4.2.0
- fixed: 4.2.2
- introduced: 4.3.0
- fixed: 4.3.1
- introduced: 4.4.0
- fixed: 4.4.1
vulnerable_at: 4.1.2
packages:
- package: github.com/cosmos/ibc-go/v4/modules/core/04-channel/keeper
symbols:
- Keeper.UnreceivedPackets
skip_fix: v4.1.2 does not build without replace directives
- package: github.com/cosmos/ibc-go/v4/modules/core/keeper
symbols:
- Keeper.RecvPacket
skip_fix: v4.1.2 does not build without replace directives
summary: IBC protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go
description: |-
The ibc-go module is affected by the Inter-Blockchain Communication (IBC)
protocol "Huckleberry" vulnerability.
references:
- advisory: https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731
review_status: REVIEWED