CVE-2025-25500
An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...
CVE-2025-25500
CosmWasm prior to v2.2.0 is affected. The issue stems from a lack of runtime capability validation, allowing an attacker to bypass capability restrictions, deploy a contract without enforcement, and perform unauthorized blockchain actions. Affected software: CosmWasm (pre-2.2.0). Root cause: insu...
Denial Of Service (DoS)
github.com/CosmWasm/wasmvm is vulnerable to Denial of Service (DoS). The bug affects both permissioned and permissionless chains because it can be reliably triggered using a malicious contract, potentially causing a chain crash...
cauuu (>=0.1.0 <=0.1.1), cosmwasm-check (>=1.1.0 <=1.3.4) +16 more potentially affected by unknown CVE via cosmwasm-vm (>=0.10.1 <=1.3.4)
cosmwasm-vm CARGO version =0.10.1, =0.1.0, =1.1.0, =0.13.2, =0.4.0, =0.4.0, =0.2.0, =0.4.0, =0.2.0, =0.2.1, =0.1.12, =0.1.13 - terra-math =0.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-MX2J-7CMV-353C...
Cosmos: Attacker can use any non-enabled capability
The Capabilities implementation in CosmWasm contracts was found to have a vulnerability. Even if the executing chain did not allow a specific capability, a CosmWasm contract could still execute actions that required that capability. This was due to a naive implementation of capabilities and...
cauuu (>=0.1.0 <=0.1.1), cosmwasm-check (>=1.1.0 <=1.3.4) +16 more potentially affected by unknown CVE via cosmwasm-vm (>=0.10.1 <=1.3.4)
cosmwasm-vm CARGO version =0.10.1, =0.1.0, =1.1.0, =0.13.2, =0.4.0, =0.4.0, =0.2.0, =0.4.0, =0.2.0, =0.2.1, =0.1.12, =0.1.13 - terra-math =0.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-VMQH-5232-V43R...
GO-2024-3082 CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd
CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd...