RUSTSEC-2024-0338: Vulnerability in cosmwasm-std

Rust Crates.io Security Advisory



RUSTSEC-2024-0338

Arithmetic overflows in cosmwasm-std


Reported
Issued

Package

cosmwasm-std
(crates.io)

Type

Vulnerability

Keywords

#overflow

#integer

#arithmetic

References
Patched
  • >=1.4.4, <1.5.0
  • >=1.5.4, <2.0.0
  • >=2.0.2
Unaffected
  • <1.3.0

Description

Some mathematical operations in cosmwasm-std use wrapping math instead of
panicking on overflow for very big numbers. This can lead to wrong calculations in contracts
that use these operations.

Affected functions:

  • Uint{256,512}::pow / Int{256,512}::pow
  • Int{256,512}::neg

Affected if overflow-checks = true is not set:

  • Uint{64,128}::pow / Int{64,128}::pow
  • Int{64,128}::neg
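
The difference between wrapping and checked arithmetic described above, shown as an added example that is not part of the advisory or of cosmwasm-std. It uses Rust's primitive u64 and i64 as stand-ins for the affected types, and all function names are hypothetical.

```rust
// Added illustration: primitive integers stand in for the cosmwasm-std
// types named in the advisory. All function names are hypothetical.

/// Models the affected behaviour: pow wraps modulo 2^64 without any error.
/// The explicit wrapping_* calls make this independent of the build profile;
/// plain `pow` on primitives wraps only when overflow checks are disabled.
fn scale_wrapping(amount: u64, base: u64, exp: u32) -> u64 {
    amount.wrapping_mul(base.wrapping_pow(exp))
}

/// Hardened form: each step is checked, so overflow surfaces as an error
/// that a contract can return instead of continuing with a wrong value.
fn scale_checked(amount: u64, base: u64, exp: u32) -> Result<u64, &'static str> {
    let factor = base.checked_pow(exp).ok_or("overflow in pow")?;
    amount.checked_mul(factor).ok_or("overflow in mul")
}

/// The minimum signed value has no positive counterpart, so a wrapping
/// negation hands the same negative number back.
fn negate_wrapping(x: i64) -> i64 {
    x.wrapping_neg()
}

/// Checked negation reports the one input that cannot be negated.
fn negate_checked(x: i64) -> Result<i64, &'static str> {
    x.checked_neg().ok_or("overflow in neg")
}

fn main() {
    // Constructed inputs: 2^64 and 10^20 both exceed u64::MAX.
    println!("wrapping 2^64    = {}", scale_wrapping(1, 2, 64));
    println!("wrapping 10^20   = {}", scale_wrapping(1, 10, 20));
    println!("checked  10^20   = {:?}", scale_checked(1, 10, 20));
    println!("checked  10^19   = {:?}", scale_checked(1, 10, 19));
    println!("wrapping -MIN    = {}", negate_wrapping(i64::MIN));
    println!("checked  -MIN    = {:?}", negate_checked(i64::MIN));
}
```

For the 64-bit and 128-bit cases, setting `overflow-checks = true` under `[profile.release]` in Cargo.toml makes overflowing primitive arithmetic panic in release builds as well.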

Advisory available under CC0-1.0 license.
