Name of the Vulnerable Software and Affected Versions wasmvm versions 2.1.0 through 2.1.2 wasmvm versions 2.0.0 through 2.0.3 wasmvm versions prior to 1.5.5 cosmwasm-vm versions 2.1.0 through 2.1.3 cosmwasm-vm versions 2.0.0 through 2.0.6 cosmwasm-vm versions prior to 1.5.8

Description The issue was found by meadow101 and reported to the Cosmos Bug Bounty Program on HackerOne. A patch has been developed and released. The patch is consensus breaking and requires a coordinated upgrade.

Recommendations For wasmvm versions 2.1.0 through 2.1.2, update to version 2.1.3. For wasmvm versions 2.0.0 through 2.0.3, update to version 2.0.4. For wasmvm versions prior to 1.5.5, update to version 1.5.5. For cosmwasm-vm versions 2.1.0 through 2.1.3, update to version 2.1.4. For cosmwasm-vm versions 2.0.0 through 2.0.6, update to version 2.0.7. For cosmwasm-vm versions prior to 1.5.8, update to version 1.5.8.