x/vulndb: potential Go vuln in github.com/cosmos/gaia: GHSA-83qr-9v2h-qxp4

[GoVulnBot]

Advisory GHSA-83qr-9v2h-qxp4 references a vulnerability in the following Go modules:

Module
github.com/cosmos/gaia

Description:

Summary

An issue was identified in the Interchain Security (ICS) module that could result in the slashing of a validator for an "old" equivocation. The height-base filter for consumer equivocation evidence introduced in v2.4.0-lsm was re-enabled.

Details

ICS v2.4.0-lsm introduced a height-base filter for consumer equivocation evidence. This feature enables a provider to set per consumer chain minimum heights for which cryptographic evid...

References:

• ADVISORY: GHSA-83qr-9v2h-qxp4
• ADVISORY: GHSA-83qr-9v2h-qxp4

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/cosmos/gaia
      non_go_versions:
        - introduced: TODO (earliest fixed "17.3.0", vuln range "> 14.2.0, < 17.3.0")
      vulnerable_at: 1.0.0
summary: |-
    Cosmos Hub (Gaia): The check for the height of cryptographic equivocation
    evidence is missing in github.com/cosmos/gaia
ghsas:
    - GHSA-83qr-9v2h-qxp4
references:
    - advisory: https://github.com/advisories/GHSA-83qr-9v2h-qxp4
    - advisory: https://github.com/cosmos/gaia/security/advisories/GHSA-83qr-9v2h-qxp4
source:
    id: GHSA-83qr-9v2h-qxp4
    created: 2024-08-14T18:01:19.457919808Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/606775 mentions this issue: data/reports: add 4 reports