Skip to content

CWA-2025-002: Malicious smart contract can slow down block production

Moderate
chipshort published GHSA-mx2j-7cmv-353c Feb 4, 2025

Package

cargo cosmwasm-vm (Rust)

Affected versions

2.2.0
>= 2.1.0, < 2.1.6
>= 2.0.0, < 2.0.9
< 1.5.10

Patched versions

2.2.1
2.1.6
2.0.9
1.5.10
gomod github.com/CosmWasm/wasmvm (Go)
< 1.5.8
1.5.8
gomod github.com/CosmWasm/wasmvm/v2 (Go)
>= 2.2.0, < 2.2.2
>= 2.1.0, < 2.1.5
>= 2.0.0, < 2.0.6
2.2.2
2.1.5
2.0.6

Description

See CWA-2025-002 for more details on how to patch this.

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs