Add cosmwasm-vm advisory CWA-2023-004 (#2052)
* Add CWA-2023-004

* Fix description
chipshort authored Aug 27, 2024
1 parent dd0703e commit 956def6
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions crates/cosmwasm-vm/RUSTSEC-0000-0000.md
@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "cosmwasm-vm"
date = "2024-08-27"
url = "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2023-004.md"
categories = ["denial-of-service"]
keywords = ["resource-consumption", "crash", "deadlock"]

[versions]
patched = [">= 1.2.8, < 1.3.0", ">= 1.3.4, < 1.4.0", ">= 1.4.2, < 1.5.0", ">= 1.5.1"]
```

# CWA-2023-004: Excessive number of function parameters in compiled Wasm

A specifically crafted Wasm file can cause the VM to consume excessive amounts of memory when compiling a contract.
This can lead to high memory usage, slowdowns, potentially a crash and can poison a lock in the VM,
preventing any further interaction with contracts.

For more information, see [CWA-2023-004](https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2023-004.md).
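
Review bot: the `date = "2024-08-27"` line in `[advisory]` matches the day this commit was authored, while the CWA-2023-004 identifier and the patched releases listed under `[versions]` (1.2.8, 1.3.4, 1.4.2, 1.5.1) suggest the issue was disclosed earlier. RustSec's `date` field is meant to carry the disclosure date, so please check it against the linked CWA and correct it if it was filled in with the filing date. Minor wording point in the description: "specifically crafted Wasm file" probably wants to be "specially crafted".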
