data/reports/GO-2023-1860.yaml - vulndb - Git at Google

 id: GO-2023-1860
 modules:
     - module: github.com/cosmos/ibc-go/v7
       versions:
         - fixed: 7.0.1
       vulnerable_at: 7.0.0
       packages:
         - package: github.com/cosmos/ibc-go/v7/modules/core/04-channel/keeper
           symbols:
             - Keeper.UnreceivedPackets
         - package: github.com/cosmos/ibc-go/v7/modules/core/keeper
           symbols:
             - Keeper.RecvPacket
           derived_symbols:
             - Keeper.UnreceivedPackets
     - module: github.com/cosmos/ibc-go/v6
       versions:
         - fixed: 6.1.1
       vulnerable_at: 6.1.0
       packages:
         - package: github.com/cosmos/ibc-go/v6/modules/core/04-channel/keeper
           symbols:
             - Keeper.UnreceivedPackets
           skip_fix: v6.1.0 does not build without replace directives
         - package: github.com/cosmos/ibc-go/v6/modules/core/keeper
           symbols:
             - Keeper.RecvPacket
           skip_fix: v6.1.0 does not build without replace directives
     - module: github.com/cosmos/ibc-go/v5
       versions:
         - fixed: 5.2.1
         - introduced: 5.3.0
           fixed: 5.3.1
       vulnerable_at: 5.3.0
       packages:
         - package: github.com/cosmos/ibc-go/v5/modules/core/04-channel/keeper
           symbols:
             - Keeper.UnreceivedPackets
           skip_fix: v5.3.0 does not build without replace directives
         - package: github.com/cosmos/ibc-go/v5/modules/core/keeper
           symbols:
             - Keeper.RecvPacket
           skip_fix: v5.3.0 does not build without replace directives
     - module: github.com/cosmos/ibc-go/v4
       versions:
         - fixed: 4.1.3
         - introduced: 4.2.0
           fixed: 4.2.2
         - introduced: 4.3.0
           fixed: 4.3.1
         - introduced: 4.4.0
           fixed: 4.4.1
       vulnerable_at: 4.1.2
       packages:
         - package: github.com/cosmos/ibc-go/v4/modules/core/04-channel/keeper
           symbols:
             - Keeper.UnreceivedPackets
           skip_fix: v4.1.2 does not build without replace directives
         - package: github.com/cosmos/ibc-go/v4/modules/core/keeper
           symbols:
             - Keeper.RecvPacket
           skip_fix: v4.1.2 does not build without replace directives
 summary: IBC protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go
 description: |-
     The ibc-go module is affected by the Inter-Blockchain Communication (IBC)
     protocol "Huckleberry" vulnerability.
 references:
     - advisory: https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731
 review_status: REVIEWED
	id: GO-2023-1860
	modules:
	- module: github.com/cosmos/ibc-go/v7
	versions:
	- fixed: 7.0.1
	vulnerable_at: 7.0.0
	packages:
	- package: github.com/cosmos/ibc-go/v7/modules/core/04-channel/keeper
	symbols:
	- Keeper.UnreceivedPackets
	- package: github.com/cosmos/ibc-go/v7/modules/core/keeper
	symbols:
	- Keeper.RecvPacket
	derived_symbols:
	- Keeper.UnreceivedPackets
	- module: github.com/cosmos/ibc-go/v6
	versions:
	- fixed: 6.1.1
	vulnerable_at: 6.1.0
	packages:
	- package: github.com/cosmos/ibc-go/v6/modules/core/04-channel/keeper
	symbols:
	- Keeper.UnreceivedPackets
	skip_fix: v6.1.0 does not build without replace directives
	- package: github.com/cosmos/ibc-go/v6/modules/core/keeper
	symbols:
	- Keeper.RecvPacket
	skip_fix: v6.1.0 does not build without replace directives
	- module: github.com/cosmos/ibc-go/v5
	versions:
	- fixed: 5.2.1
	- introduced: 5.3.0
	fixed: 5.3.1
	vulnerable_at: 5.3.0
	packages:
	- package: github.com/cosmos/ibc-go/v5/modules/core/04-channel/keeper
	symbols:
	- Keeper.UnreceivedPackets
	skip_fix: v5.3.0 does not build without replace directives
	- package: github.com/cosmos/ibc-go/v5/modules/core/keeper
	symbols:
	- Keeper.RecvPacket
	skip_fix: v5.3.0 does not build without replace directives
	- module: github.com/cosmos/ibc-go/v4
	versions:
	- fixed: 4.1.3
	- introduced: 4.2.0
	fixed: 4.2.2
	- introduced: 4.3.0
	fixed: 4.3.1
	- introduced: 4.4.0
	fixed: 4.4.1
	vulnerable_at: 4.1.2
	packages:
	- package: github.com/cosmos/ibc-go/v4/modules/core/04-channel/keeper
	symbols:
	- Keeper.UnreceivedPackets
	skip_fix: v4.1.2 does not build without replace directives
	- package: github.com/cosmos/ibc-go/v4/modules/core/keeper
	symbols:
	- Keeper.RecvPacket
	skip_fix: v4.1.2 does not build without replace directives
	summary: IBC protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go
	description: \|-
	The ibc-go module is affected by the Inter-Blockchain Communication (IBC)
	protocol "Huckleberry" vulnerability.
	references:
	- advisory: https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731
	review_status: REVIEWED