x/vulndb: potential Go vuln in github.com/evmos/evmos: CVE-2024-37158

[GoVulnBot]

Advisory CVE-2024-37158 references a vulnerability in the following Go modules:

Module
github.com/evmos/evmos

Description:
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network.
Preliminary checks on actions computed by the clawback vesting accounts are
performed in the ante handler. Evmos core, implements two different ante
handlers: one for Cosmos transactions and one for Ethereum transactions. Checks
performed on the two implementation are different. The vulnerability discovered
allowed a clawback account to bypass Cosmos ante handler checks by sending an
Ethereum transaction targeting a precompile used to interact with a Cosmos SDK
module. This vulnerability is fixed in 18.0.0.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-37158
• FIX: evmos/evmos@b2a09ca
• WEB: GHSA-pxv8-qhrh-jc7v

Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/evmos/evmos
      vulnerable_at: 1.1.3
      packages:
        - package: evmos
summary: CVE-2024-37158 in github.com/evmos/evmos
cves:
    - CVE-2024-37158
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-37158
    - fix: https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb
    - web: https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v
source:
    id: CVE-2024-37158
    created: 2024-06-17T16:01:14.6951609Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/594901 mentions this issue: data/reports: add 18 unreviewed reports

[gopherbot]

Change https://go.dev/cl/595636 mentions this issue: data/reports: add 15 unreviewed reports