Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GO-2024-2874
HistoryMay 23, 2024 - 2:47 p.m.

Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go

2024-05-2314:47:35
Google
osv.dev
3
inter-blockchain communication
ibc protocol
huckleberry
vulnerability
github
ibc-go
attacker
transactions
state transitions
theft of funds
relaying packets
source chain
destination chain
affected networks
fee grant capabilities
native relayer
osmosis
juno
software

7.1 High

AI Score

Confidence

High

JSON

The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol β€œHuckleberry” vulnerability. The vulnerability allowed an attacker to send arbitrary transactions onto target chains and trigger arbitrary state transitions, including but not limited to, theft of funds. It was possible to exploit this vulnerability in specific situations involving relaying packets in which the source chain is also the final destination chain. Affected networks are those that allow for fee grant capabilities and use a native Relayer (e.g., Osmosis and Juno).

CPENameOperatorVersion
github.com/cosmos/ibc-go/v7lt7.0.1

7.1 High

AI Score

Confidence

High

JSON