MidnightBSD

Advisories for cosmwasm

CVE-2024-58263

The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
cosmwasm cosmwasm-std *
CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.2 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L 1.4 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
cosmwasm serde-json-wasm *
CVE-2025-25500

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
cosmwasm cosmwasm *