From 956def623f05c1e349c8ad5b5275ee4d86155d2e Mon Sep 17 00:00:00 2001
From: Christoph Otter
Date: Tue, 27 Aug 2024 18:21:54 +0200
Subject: [PATCH] Add cosmwasm-vm advisory CWA-2023-004 (#2052)
* Add CWA-2023-004
* Fix description
---
crates/cosmwasm-vm/RUSTSEC-0000-0000.md | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 crates/cosmwasm-vm/RUSTSEC-0000-0000.md
diff --git a/crates/cosmwasm-vm/RUSTSEC-0000-0000.md b/crates/cosmwasm-vm/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..53b6aa904
--- /dev/null
+++ b/crates/cosmwasm-vm/RUSTSEC-0000-0000.md
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "cosmwasm-vm"
+date = "2024-08-27"
+url = "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2023-004.md"
+categories = ["denial-of-service"]
+keywords = ["resource-consumption", "crash", "deadlock"]
+
+[versions]
+patched = [">= 1.2.8, < 1.3.0", ">= 1.3.4, < 1.4.0", ">= 1.4.2, < 1.5.0", ">= 1.5.1"]
+```
+
+# CWA-2023-004: Excessive number of function parameters in compiled Wasm
+
+A specifically crafted Wasm file can cause the VM to consume excessive amounts of memory when compiling a contract.
+This can lead to high memory usage, slowdowns, potentially a crash and can poison a lock in the VM,
+preventing any further interaction with contracts.
+
+For more information, see [CWA-2023-004](https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2023-004.md).
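Review bot: `date = "2024-08-27"` in the `[advisory]` table is the day of this commit, whereas the id CWA-2023-004 and the four already-released patched version lines suggest the issue was disclosed upstream earlier. If the field is meant to carry the disclosure date, which anyone building a timeline or filtering advisories by date would assume, take it from the linked CWA instead, e.g. `date = "<disclosure date from CWA-2023-004>"`. In the description, "specifically crafted" probably should read "specially crafted".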