3.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-m3rh-cvr5-x6q4

GHSA-m3rh-cvr5-x6q4: CosmWasm wasmd has large address count in ValidateBasic

Component: wasmd Criticality: Low (ACMv1: I:Moderate; L:Unlikely) Patched versions: wasmd 0.52.0

In multiple wasmd message types it was possible to add a large number of addresses which might lead to unexpected resource consumption in ValidateBasic.

See CWA-2024-003 for more details.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-m3rh-cvr5-x6q4

GHSA-m3rh-cvr5-x6q4:

3.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/CosmWasm/wasmd	go	< 0.52	0.52

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from address validation functions (assertValidAddresses/checkDuplicatedAddresses) lacking maximum size checks. These were used in multiple message types' ValidateBasic methods. The patch replaced them with validateBech32Addresses that adds MaxAddressCount (50) validation. The affected functions identified: 1) AccessConfig.ValidateBasic handled contract permissions, 2) MsgAdd/RemoveCodeUploadParamsAddresses managed parameter changes - all critical paths for address list processing without size constraints pre-patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.7

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-m3rh-cvr5-x6q4: CosmWasm wasmd has large address count in ValidateBasic

GHSA-m3rh-cvr5-x6q4:

3.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

GHSA-m3rh-cvr5-x6q4: CosmWasm wasmd has large address count in ValidateBasic

3.7

3.7

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI