CVE-2024-58263: 
Rust vulnerability analysis and mitigation

CVE-2024-58263 affects the cosmwasm-std crate versions before 2.0.2 for Rust. The vulnerability was discovered and disclosed on July 27, 2025. The issue impacts multiple versions of the cosmwasm-std package including versions 1.3.0 through 1.4.3, 1.5.0 through 1.5.3, and 2.0.0 through 2.0.1 (NVD).

The vulnerability involves integer overflow issues that can cause incorrect contract calculations. Specifically, certain mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very large numbers. The affected functions include Uint{256,512}::pow, Int{256,512}::pow, and Int{256,512}::neg. Additionally, Uint{64,128}::pow and Int{64,128}::pow are affected when overflow-checks=true is not set (RustSec). The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) by NVD and 3.7 (Low) by MITRE (NVD).

When exploited, this vulnerability can lead to incorrect calculations in smart contracts that utilize these mathematical operations. The integer overflows can result in unexpected behavior and potentially impact the integrity of contract computations (RustSec).

The vulnerability has been patched in cosmwasm-std version 2.0.2 and later. Users should upgrade to version 2.0.2 or newer to address this issue. For versions 1.x, patches are available in versions 1.4.4 and 1.5.4 (RustSec).