data/reports: review GO-2024-3279

  - data/reports/GO-2024-3279.yaml

Fixes #3279

Change-Id: I0051eafa5770842c6946624b2a66b20806438b2b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635735
Reviewed-by: Zvonimir Pavlinovic <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>

Author: tatianab

data/osv/GO-2024-3279.json

@@ -6,8 +6,8 @@
   "aliases": [
     "GHSA-7225-m954-23v7"
   ],
-  "summary": "ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic",
-  "details": "ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic",
+  "summary": "Mismatched bit-length validation in can lead to panic in cosmossdk.io/math",
+  "details": "Mismatched bit-length validation in can lead to panic in cosmossdk.io/math",
   "affected": [
     {
       "package": {
@@ -27,7 +27,51 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "cosmossdk.io/math",
+            "symbols": [
+              "LegacyDec.Add",
+              "LegacyDec.AddMut",
+              "LegacyDec.ApproxRoot",
+              "LegacyDec.ApproxSqrt",
+              "LegacyDec.Ceil",
+              "LegacyDec.ImmutOp",
+              "LegacyDec.ImmutOpInt",
+              "LegacyDec.ImmutOpInt64",
+              "LegacyDec.Mul",
+              "LegacyDec.MulInt",
+              "LegacyDec.MulInt64",
+              "LegacyDec.MulInt64Mut",
+              "LegacyDec.MulIntMut",
+              "LegacyDec.MulMut",
+              "LegacyDec.MulRoundUp",
+              "LegacyDec.MulRoundUpMut",
+              "LegacyDec.MulTruncate",
+              "LegacyDec.MulTruncateMut",
+              "LegacyDec.Power",
+              "LegacyDec.PowerMut",
+              "LegacyDec.Quo",
+              "LegacyDec.QuoInt",
+              "LegacyDec.QuoInt64",
+              "LegacyDec.QuoMut",
+              "LegacyDec.QuoRoundUp",
+              "LegacyDec.QuoRoundupMut",
+              "LegacyDec.QuoTruncate",
+              "LegacyDec.QuoTruncateMut",
+              "LegacyDec.Sub",
+              "LegacyDec.SubMut",
+              "LegacyDec.Unmarshal",
+              "LegacyDec.UnmarshalAmino",
+              "LegacyDec.UnmarshalJSON",
+              "LegacyDecApproxEq",
+              "LegacyMustNewDecFromStr",
+              "LegacyNewDecFromStr"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
@@ -36,12 +80,12 @@
       "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-7225-m954-23v7"
     },
     {
-      "type": "WEB",
+      "type": "FIX",
       "url": "https://github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862"
     }
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-3279",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }

data/reports/GO-2024-3279.yaml

@@ -4,15 +4,53 @@ modules:
       versions:
         - fixed: 1.4.0
       vulnerable_at: 1.3.0
-summary: |-
-    ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and
-    sdk.Dec can lead to panic
+      packages:
+        - package: cosmossdk.io/math
+          symbols:
+            - LegacyDec.MulIntMut
+            - LegacyDec.AddMut
+            - LegacyDec.QuoMut
+            - LegacyDec.Unmarshal
+            - LegacyDec.SubMut
+            - LegacyNewDecFromStr
+            - LegacyDec.MulMut
+            - LegacyDec.QuoRoundupMut
+            - LegacyDec.Ceil
+            - LegacyDec.MulTruncateMut
+            - LegacyDec.MulRoundUpMut
+            - LegacyDec.MulInt64Mut
+            - LegacyDec.QuoTruncateMut
+          derived_symbols:
+            - LegacyDec.Add
+            - LegacyDec.ApproxRoot
+            - LegacyDec.ApproxSqrt
+            - LegacyDec.ImmutOp
+            - LegacyDec.ImmutOpInt
+            - LegacyDec.ImmutOpInt64
+            - LegacyDec.Mul
+            - LegacyDec.MulInt
+            - LegacyDec.MulInt64
+            - LegacyDec.MulRoundUp
+            - LegacyDec.MulTruncate
+            - LegacyDec.Power
+            - LegacyDec.PowerMut
+            - LegacyDec.Quo
+            - LegacyDec.QuoInt
+            - LegacyDec.QuoInt64
+            - LegacyDec.QuoRoundUp
+            - LegacyDec.QuoTruncate
+            - LegacyDec.Sub
+            - LegacyDec.UnmarshalAmino
+            - LegacyDec.UnmarshalJSON
+            - LegacyDecApproxEq
+            - LegacyMustNewDecFromStr
+summary: Mismatched bit-length validation in can lead to panic in cosmossdk.io/math
 ghsas:
     - GHSA-7225-m954-23v7
 references:
     - advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-7225-m954-23v7
-    - web: https://github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862
+    - fix: https://github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862
 source:
     id: GHSA-7225-m954-23v7
-    created: 2024-11-21T14:39:42.980234-05:00
-review_status: NEEDS_REVIEW
+    created: 2024-12-12T14:35:45.296697-05:00
+review_status: REVIEWED