{"id":"RUSTSEC-2024-0366","summary":"CWA-2023-004: Excessive number of function parameters in compiled Wasm","details":"A specifically crafted Wasm file can cause the VM to consume excessive amounts of memory when compiling a contract.\nThis can lead to high memory usage, slowdowns, potentially a crash and can poison a lock in the VM,\npreventing any further interaction with contracts.\n\nFor more information, see [CWA-2023-004](https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2023-004.md).","aliases":["GHSA-75qh-gg76-p2w4","GO-2024-3101"],"modified":"2025-10-28T06:29:34.177852Z","published":"2024-08-27T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/cosmwasm-vm"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0366.html"},{"type":"ADVISORY","url":"https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2023-004.md"}],"affected":[{"package":{"name":"cosmwasm-vm","ecosystem":"crates.io","purl":"pkg:cargo/cosmwasm-vm"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"1.2.8"},{"introduced":"1.3.0"},{"fixed":"1.3.4"},{"introduced":"1.4.0"},{"fixed":"1.4.2"},{"introduced":"1.5.0"},{"fixed":"1.5.1"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":[],"arch":[]}},"database_specific":{"categories":["denial-of-service"],"informational":null,"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0366.json"}}],"schema_version":"1.7.3"}