Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authz Module Non-Determinism
Vulnerability Description
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node’s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
Cosmos-SDK 代码问题漏洞
Vulnerability Description
Cosmos-SDK是一个在 Golang 中构建区块链应用程序的框架。 Cosmos-SDK 存在代码问题漏洞,该漏洞源于软件中的x/authz模块中的ValidateBasic方法的非确定性行为,受影响的SDK版本容易出现共识停止问题。
CVSS Information
N/A
Vulnerability Type
N/A