{"id":"GHSA-w6rp-vxj2-fjhr","summary":"Cosmos packet-forward-middleware vulnerable to chain-halt","details":"The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The [packet-forward-middleware](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware) module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a destination chain. The `packet-forward-middleware` module is vulnerable to potential chain-halt due to error non-determinism.\n\n### Patches\nPlease patch at your earliest convenience by applying one of the following patch versions, respective to the chain's ibc-go major version:\nv4.1.1\nv5.2.1\nv6.1.1","aliases":["GO-2023-2156"],"modified":"2024-08-21T14:57:07.751723Z","published":"2023-10-26T23:10:19Z","database_specific":{"cwe_ids":[],"github_reviewed_at":"2023-10-26T23:10:19Z","severity":"HIGH","github_reviewed":true,"nvd_published_at":null},"references":[{"type":"WEB","url":"https://github.com/cosmos/ibc-apps/security/advisories/GHSA-w6rp-vxj2-fjhr"},{"type":"PACKAGE","url":"https://github.com/cosmos/ibc-apps"}],"affected":[{"package":{"name":"github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4","ecosystem":"Go","purl":"pkg:golang/github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"4.1.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w6rp-vxj2-fjhr/GHSA-w6rp-vxj2-fjhr.json"}},{"package":{"name":"github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5","ecosystem":"Go","purl":"pkg:golang/github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"5.2.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w6rp-vxj2-fjhr/GHSA-w6rp-vxj2-fjhr.json"}},{"package":{"name":"github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6","ecosystem":"Go","purl":"pkg:golang/github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"6.1.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w6rp-vxj2-fjhr/GHSA-w6rp-vxj2-fjhr.json"}}],"schema_version":"1.7.3"}