{"id":"RUSTSEC-2024-0361","summary":"CWA-2024-004: Gas mispricing in cosmwasm-vm","details":"Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of ~10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain.\n\nFor more information, see [CWA-2024-004](https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-004.md).","aliases":["GHSA-rg2q-2jh9-447q"],"modified":"2024-08-08T17:11:37Z","published":"2024-08-08T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/cosmwasm-vm"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0361.html"},{"type":"ADVISORY","url":"https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-004.md"}],"affected":[{"package":{"name":"cosmwasm-vm","ecosystem":"crates.io","purl":"pkg:cargo/cosmwasm-vm"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"1.5.7"},{"introduced":"2.0.0"},{"fixed":"2.0.6"},{"introduced":"2.1.0"},{"fixed":"2.1.3"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0361.json","informational":null,"categories":["denial-of-service"],"cvss":null}}],"schema_version":"1.7.3"}