PT-2025-11230 — Go Github.Com/Cheqd/Cheqd-Node

PT-2025-11230 · Go · Github.Com/Cheqd/Cheqd-Node

Published

2025-03-13

Updated

2025-03-13

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Description

There have been two upstream security advisories and associated patches published under ISA-2025-001 and ISA-2025-002.

ISA-2025-001 affects the IBC-Go package., where non-deterministic JSON unmarshalling of IBC Acknowledgements can result in a chain halt.

ISA-2025-002 affects the Cosmos SDK package, where x/group can halt when erroring in EndBlocker.

Impact

If unaddressed, this could result in a chain halt.

Patches

Validators, full nodes, and IBC relayers should upgrade to cheqd-node v3.1.8. This upgrade does not require a software upgrade proposal on-chain and is meant to be non state-breaking.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1395

Related Identifiers

GHSA-H2RP-8VPX-Q9R4

Affected Products

Github.Com/Cheqd/Cheqd-Node