github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability

2024-05-2021:51:33

GitHub Advisory Database

github.com

github

cosmos

ibc

protocol

vulnerability

software

7.1 High

AI Score

Confidence

Low

JSON

The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol “Huckleberry” vulnerability.

Affected configurations

Vulners

Node

github.com\/cosmos\/ibcgoRange≤1.5.0

github.com\/cosmos\/ibcgo\/v2Range≤2.5.0

github.com\/cosmos\/ibcgo\/v3Range≤3.4.0

github.com\/cosmos\/ibcgo\/v4Range<4.4.1

github.com\/cosmos\/ibcgo\/v4Range<4.3.1

github.com\/cosmos\/ibcgo\/v4Range<4.2.2

github.com\/cosmos\/ibcgo\/v4Range<4.1.3

github.com\/cosmos\/ibcgo\/v5Range<5.3.1

github.com\/cosmos\/ibcgo\/v5Range<5.2.1

github.com\/cosmos\/ibcgo\/v6Range<6.1.1

github.com\/cosmos\/ibcgo\/v7Range<7.0.1

CPENameOperatorVersion
github.com/cosmos/ibc-gole1.5.0
github.com/cosmos/ibc-go/v2le2.5.0
github.com/cosmos/ibc-go/v3le3.4.0
github.com/cosmos/ibc-go/v4lt4.4.1
github.com/cosmos/ibc-go/v4lt4.3.1
github.com/cosmos/ibc-go/v4lt4.2.2
github.com/cosmos/ibc-go/v4lt4.1.3
github.com/cosmos/ibc-go/v5lt5.3.1
github.com/cosmos/ibc-go/v5lt5.2.1
github.com/cosmos/ibc-go/v6lt6.1.1

Name	Operator	Version
github.com/cosmos/ibc-go	le	1.5.0
github.com/cosmos/ibc-go/v2	le	2.5.0
github.com/cosmos/ibc-go/v3	le	3.4.0
github.com/cosmos/ibc-go/v4	lt	4.4.1
github.com/cosmos/ibc-go/v4	lt	4.3.1
github.com/cosmos/ibc-go/v4	lt	4.2.2
github.com/cosmos/ibc-go/v4	lt	4.1.3
github.com/cosmos/ibc-go/v5	lt	5.3.1
github.com/cosmos/ibc-go/v5	lt	5.2.1
github.com/cosmos/ibc-go/v6	lt	6.1.1

Rows per page:

1-10 of 111

References

forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731

github.com/advisories/GHSA-qjcv-rx3v-7mvj

github.com/cosmos/ibc-go/commit/c77f80f812940fe3b93980d13a5cdd6980e907cc

github.com/cosmos/ibc-go/issues/1532

github.com/cosmos/ibc-go/releases/tag/v6.1.1

pkg.go.dev/vuln/GO-2023-1860

7.1 High

AI Score

Confidence

Low

JSON