PT-2025-5642 · Wasmvm · Wasmvm

Published: 2025-02-04 · Updated: 2025-02-04


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
wasmvm versions 2.2.0 through 2.2.1
wasmvm versions 2.1.0 through 2.1.4
wasmvm versions 2.0.0 through 2.0.5
wasmvm versions prior to 1.5.8
Description: The issue can be used to slow down block production and requires a malicious contract. Permissioned chains are unlikely to be affected.
Recommendations: For versions 2.2.0 through 2.2.1, update to version 2.2.2. For versions 2.1.0 through 2.1.4, update to version 2.1.5. For versions 2.0.0 through 2.0.5, update to version 2.0.6. For versions prior to 1.5.8, update to version 1.5.8. As a temporary workaround, consider restricting the deployment of malicious contracts until a patch is applied. Follow your regular practices to deploy chain upgrades, noting that the patch is consensus breaking and requires a coordinated upgrade.

Related Identifiers

GHSA-MX2J-7CMV-353C

Affected Products

Wasmvm