- Reported
-
- Issued
-
- Package
-
cosmwasm-vm
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#resource-consumption
#crash
#deadlock
- References
-
- Patched
-
>=1.2.8, <1.3.0>=1.3.4, <1.4.0>=1.4.2, <1.5.0>=1.5.1
Description
A specifically crafted Wasm file can cause the VM to consume excessive amounts of memory when compiling a contract.
This can lead to high memory usage, slowdowns, potentially a crash and can poison a lock in the VM,
preventing any further interaction with contracts.
For more information, see CWA-2023-004.
Advisory available under CC0-1.0
license.