x/vulndb: potential Go vuln in github.com/cosmos/evm: GHSA-8pfh-j44r-f654 #4041

@GoVulnBot

Advisory GHSA-8pfh-j44r-f654 references a vulnerability in the following Go modules:

Module
github.com/cosmos/evm

Description:

Patches

Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade.

Workarounds

No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended.

Testing

Tests are introduced in every affected version.

Credits

Special thanks to @yihuang for the help on this issue.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/cosmos/evm
      versions:
        - introduced: 0.3.0
        - fixed: 0.3.2
        - introduced: 0.4.0
        - fixed: 0.4.2
      vulnerable_at: 0.4.1
summary: Cosmos EVM Vulnerability in github.com/cosmos/evm
ghsas:
    - GHSA-8pfh-j44r-f654
references:
    - advisory: https://github.com/advisories/GHSA-8pfh-j44r-f654
    - advisory: https://github.com/cosmos/evm/security/advisories/GHSA-8pfh-j44r-f654
    - fix: https://github.com/cosmos/evm/commit/79089feebe79ce1f35250ba457cbd436e6bfff8b
source:
    id: GHSA-8pfh-j44r-f654
    created: 2025-10-21T19:01:31.872971283Z
review_status: UNREVIEWED
