Vulnerabilities related to vyperlang - vyper
Vulnerability from fkie_nvd
Published
2023-09-18 21:16
Modified
2024-11-21 08:22
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83 | Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/pull/3605 | Issue Tracking, Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m | Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/pull/3605 | Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m | Exploit, Patch, Vendor Advisory
CVE ID
CVE-2023-42441
Status
Modified
Affected configuration
cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*, versions 0.2.9 (inclusive) to 0.3.10 (exclusive)
CVSS 3.1 sources
security-advisories@github.com (Secondary): 5.3; nvd@nist.gov (Primary): 5.3
Weaknesses
CWE-833 (security-advisories@github.com, Secondary); CWE-667 (nvd@nist.gov, Primary)
Vulnerability from fkie_nvd
Published
2023-04-24 22:15
Modified
2024-11-21 08:00
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call | Product
security-advisories@github.com | https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164 | Product
security-advisories@github.com | https://github.com/lidofinance/gate-seals/pull/5/files | Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae | Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call | Product
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164 | Product
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/lidofinance/gate-seals/pull/5/files | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9 | Exploit, Vendor Advisory
CVE ID
CVE-2023-30629
Status
Modified
Affected configuration
cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*, versions 0.3.1 (inclusive) to 0.3.8 (exclusive)
CVSS 3.1 sources
security-advisories@github.com (Secondary): 7.5; nvd@nist.gov (Primary): 7.5
Weaknesses
CWE-670 (security-advisories@github.com, Primary)
Vulnerability from fkie_nvd
Published
2022-06-09 09:15
Modified
2024-11-21 06:58
Severity
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d | Patch, Third Party Advisory
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38 | Exploit, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38 | Exploit, Mitigation, Third Party Advisory
CVE ID
CVE-2022-29255
Status
Modified
Affected configuration
cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*, versions up to 0.3.4 (exclusive)
CVSS 2.0
5 (Medium) - AV:N/AC:L/Au:N/C:N/I:P/A:N (nvd@nist.gov, Primary)
CVSS 3.1 sources
security-advisories@github.com (Secondary): 8.2; nvd@nist.gov (Primary): 7.5
Weaknesses
CWE-670 (security-advisories@github.com, Secondary); CWE-670 (nvd@nist.gov, Primary)
Vulnerability from fkie_nvd
Published
2023-05-11 22:15
Modified
2024-11-21 08:02
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known. The issue is patched in version 0.3.8.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac | Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g | Exploit, Vendor Advisory
CVE ID
CVE-2023-32059
Status
Modified
Affected configuration
cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*, versions up to 0.3.8 (exclusive)
CVSS 3.1 sources
security-advisories@github.com (Secondary): 7.5; nvd@nist.gov (Primary): 7.5
Weaknesses
CWE-683 (security-advisories@github.com, Secondary); NVD-CWE-noinfo (nvd@nist.gov, Primary)
Vulnerability from fkie_nvd
Published
2023-05-19 20:15
Modified
2024-11-21 08:03
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with Vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520 | Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762 | Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762 | Exploit, Patch, Vendor Advisory
CVE ID
CVE-2023-32675
Status
Modified
Affected configuration
cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*, versions up to 0.3.8 (exclusive)
CVSS 3.1 sources
security-advisories@github.com (Secondary): 3.7; nvd@nist.gov (Primary): 5.3
Weaknesses
CWE-670 (security-advisories@github.com, Primary)
Vulnerability from fkie_nvd
Published
2023-09-04 18:15
Modified
2024-11-21 08:18
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right: `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side effects: state-modifying external call, state-modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf | Exploit, Third Party Advisory
CVE ID
CVE-2023-40015
Status
Modified
Affected configuration
cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*, versions up to 0.3.9 (inclusive)
CVSS 3.1 sources
security-advisories@github.com (Secondary): 3.7; nvd@nist.gov (Primary): 5.3
Weaknesses
CWE-670 (security-advisories@github.com, Primary)
Vulnerability from fkie_nvd
Published
2024-02-07 17:15
Modified
2024-11-21 08:59
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array; it allows signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass. Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist.
There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such a way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these scenarios are highly unlikely. The most likely behavior is a revert on the bounds check.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541 | Product
security-advisories@github.com | https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137 | Product
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541 | Product
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137 | Product
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2 | Exploit, Vendor Advisory
CVE ID
CVE-2024-24563
Status
Modified
Affected configuration
cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*, versions up to 0.3.10 (inclusive)
CVSS 3.1 sources
security-advisories@github.com (Secondary): 9.8; nvd@nist.gov (Primary): 9.8
Weaknesses
CWE-129 (security-advisories@github.com, Primary)
Vulnerability from fkie_nvd
Published
2024-04-25 18:15
Modified
2025-01-02 22:52
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "CEC5BCE2-DB5C-49EB-A302-F11E4E02F9BD", versionEndExcluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum. En las versiones 0.3.10 y anteriores, se pueden registrar valores incorrectos cuando se llama al comando interno `raw_log` con argumentos de memoria o almacenamiento para usar como temas. Se realizó una búsqueda de contratos y no se encontraron contratos vulnerables en producción. La función `build_IR` de la clase `RawLog` no desenvuelve correctamente las variables proporcionadas como temas. En consecuencia, los valores incorrectos se registran como temas. 
Al momento de la publicación, no hay ninguna versión fija disponible.", }, ], id: "CVE-2024-32645", lastModified: "2025-01-02T22:52:27.117", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-25T18:15:08.593", references: [ { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-25 18:15
Modified
2025-01-02 22:46
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "CEC5BCE2-DB5C-49EB-A302-F11E4E02F9BD", versionEndExcluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist.\n", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum. En las versiones 0.3.10 y anteriores, el uso de la función incorporada `create_from_blueprint` puede resultar en una vulnerabilidad de doble evaluación cuando `raw_args=True` y el argumento `args` tienen efectos secundarios. Se puede ver que la función `_build_create_IR` del incorporado `create_from_blueprint` no almacena en caché el argumento `args` mencionado en la pila. Como tal, se puede evaluar varias veces (en lugar de recuperar el valor de la pila). No se encontraron contratos de producción vulnerables. Además, la doble evaluación de los efectos secundarios debería poder descubrirse fácilmente en las pruebas de los clientes. Como tal, el impacto es bajo. 
Al momento de la publicación, no existen versiones fijas.", }, ], id: "CVE-2024-32647", lastModified: "2025-01-02T22:46:37.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-25T18:15:08.963", references: [ { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-95", }, ], source: "security-advisories@github.com", 
type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-13 19:15
Modified
2024-11-21 06:51
Severity
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "CB785270-AAD7-4392-BBAA-6261435B5C08", versionEndExcluding: "0.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.", }, { lang: "es", value: "Vyper es un Lenguaje de Contratos Inteligentes pitónicos para la máquina virtual de Ethereum. Las versiones de vyper anteriores a 0.3.2, sufren un potencial desbordamiento del búfer. La importación de una función desde una interfaz JSON que devuelve \"bytes\" genera bytecode que no sujeta la longitud de los bytes, resultando potencialmente en un desbordamiento del búfer. Es recomendado a usuarios actualizar. 
No se presentan medidas de mitigación conocidas para este problema", }, ], id: "CVE-2022-24788", lastModified: "2024-11-21T06:51:05.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-13T19:15:09.243", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-04 18:15
Modified
2024-11-21 06:51
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "918B0240-C29F-4F2C-8A93-384DB7639732", versionEndIncluding: "0.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `\"\\x00\"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.", }, { lang: "es", value: "Vyper es un Lenguaje de Contratos Inteligentes de Python para la Máquina Virtual de Ethereum. En versiones 0.3.1 y anteriores, las cadenas de bytes pueden presentar bytes sucios, resultando en que las comparaciones palabra por palabra den resultados incorrectos. Incluso sin bytes sucios distintos de cero, dos bytestrings pueden compararse como iguales si uno termina con \"\\x00\" porque no se presenta comparación de la longitud. Se presenta un parche disponible y es esperado que forme parte de la versión 0.3.2. 
Actualmente no se presentan medidas de mitigación conocidas", }, ], id: "CVE-2022-24787", lastModified: "2024-11-21T06:51:05.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-04T18:15:07.877", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-697", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-697", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-26 20:19
Modified
2025-01-16 19:31
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w | Exploit, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "832C489D-4288-46B4-A29E-0E7168748042", versionEndIncluding: "0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual ethereum. Si se especifica un valor excesivamente grande como índice inicial para una matriz en `_abi_decode`, puede provocar que la posición de lectura se desborde. Esto da como resultado la decodificación de valores fuera de los límites previstos de la matriz, lo que potencialmente conduce a explotaciones en contratos que usan matrices dentro de `_abi_decode`. 
Esta vulnerabilidad afecta a la versión 0.3.10 y versiones anteriores.", }, ], id: "CVE-2024-26149", lastModified: "2025-01-16T19:31:59.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-26T20:19:05.853", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 18:15
Modified
2024-11-21 08:20
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/vyperlang/vyper/pull/3583 | Patch | |
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/pull/3583 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "56FB25B4-6446-4B4B-87AA-D4368B4B8685", versionEndIncluding: "0.3.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", }, { lang: "es", value: "Vyper es un Lenguaje de Contrato Inteligente de Python. En las versiones afectadas, el orden de evaluación de los argumentos de las funciones integradas `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` no sigue el orden de origen. Este comportamiento es problemático cuando la evaluación de uno de los argumentos produce efectos secundarios de los que dependen otros argumentos. Actualmente se está desarrollando un parche mediante la solicitud de extracción #3583. 
Al utilizar elementos integrados de la lista anterior, los usuarios deben asegurarse de que los argumentos de la expresión no produzcan efectos secundarios o, si los produce, que ningún otro argumento dependa de esos efectos secundarios.", }, ], id: "CVE-2023-41052", lastModified: "2024-11-21T08:20:27.880", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T18:15:08.657", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/3583", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/3583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { 
description: [ { lang: "en", value: "CWE-670", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-670", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-18 21:16
Modified
2024-11-21 08:22
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.
Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.
As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/issues/3609 | Issue Tracking, Vendor Advisory
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w | Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/issues/3609 | Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w | Exploit, Patch, Vendor Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "34B59539-E37F-462A-BB24-D952D027FAC5", versionEndExcluding: "0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.\n\nEach builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.\n\nAs of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. 
As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.", }, { lang: "es", value: "Vyper es un Lenguaje de Contrato Inteligente Pitónico para la Máquina Virtual Ethereum (EVM). En la versión 0.3.9 y anteriores, bajo ciertas condiciones, la memoria utilizada por las funciones integradas `raw_call`, `create_from_blueprint` y `create_copy_of` puede estar dañada. Para `raw_call`, el búfer de argumentos de la llamada puede estar dañado, lo que genera `calldata` incorrectos en el subcontexto. Para `create_from_blueprint` y `create_copy_of`, el búfer para el código de bytes que se va a implementar puede estar dañado, lo que lleva a implementar un código de bytes incorrecto. Cada elemento incorporado tiene condiciones que deben cumplirse para que se produzca la corrupción. Para `raw_call`, el argumento `data` del incorporado debe ser `msg.data` y el `valor` o `gas` pasado al incorporado debe ser alguna expresión compleja que dé como resultado la escritura en la memoria. Para `create_copy_of`, el `valor` o `salt` pasado al incorporado debe ser alguna expresión compleja que dé como resultado la escritura en la memoria. Para `create_from_blueprint`, no se deben pasar parámetros de constructor al incorporado o `raw_args` debe establecerse en True, y el `valor` o `salt` pasado al incorporado debe ser alguna expresión compleja que dé como resultado la escritura en la memoria . Al momento de la publicación, no existe ninguna versión parcheada. El problema aún se está investigando y es posible que haya otros casos en los que se produzca corrupción. Cuando se llama a la función incorporada desde una función \"interna\" \"F\", el problema no está presente siempre que la función que llama a \"F\" haya escrito en la memoria antes de llamar a \"F\". 
Como workaround, las expresiones complejas que se pasan como kwargs al incorporado deben almacenarse en caché en la memoria antes de la llamada al incorporado.", }, ], id: "CVE-2023-42443", lastModified: "2024-11-21T08:22:32.373", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-18T21:16:13.403", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/issues/3609", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/issues/3609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-787", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-13 20:15
Modified
2024-11-21 08:28
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "CE735083-742D-4FFC-922C-71E242E471F3", versionEndExcluding: "0.3.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum (EVM). Los contratos que contienen matrices grandes podrían subasignar la cantidad de ranuras que necesitan en 1. Antes de v0.3.8, el cálculo para determinar cuántas ranuras necesitaba una variable de almacenamiento usaba `math.ceil(type_.size_in_bytes / 32)`. El paso de punto flotante intermedio puede producir un error de redondeo si hay suficientes bits configurados en la mantisa IEEE-754. En términos generales, si `type_.size_in_bytes` es grande (> 2**46) y ligeramente menor que una potencia de 2, el cálculo puede sobrestimar cuántas ranuras se necesitan por 1. Si `type_.size_in_bytes` es ligeramente mayor que una potencia de 2, el cálculo puede subestimar cuántas ranuras se necesitan por 1. 
Este problema se solucionó en la versión 0.3.8.", }, ], id: "CVE-2023-46247", lastModified: "2024-11-21T08:28:09.720", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-13T20:15:49.360", references: [ { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-193", }, { lang: "en", value: "CWE-682", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
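The rounding error described for CVE-2023-46247 can be reproduced with plain Python arithmetic. This is an added example, not Vyper's code: `slots_float` is the expression quoted in the summary, while `slots_exact`, the sequential `allocate` model, the `find_overlaps` check and the variable names `big_array` and `owner` are assumptions made for illustration.

```python
import math

SLOT_BYTES = 32  # one EVM storage slot


def slots_float(size_in_bytes: int) -> int:
    """Expression quoted in the advisory: goes through an IEEE-754 double."""
    return math.ceil(size_in_bytes / SLOT_BYTES)


def slots_exact(size_in_bytes: int) -> int:
    """Integer-only ceiling division (assumed reference, no float step)."""
    return (size_in_bytes + SLOT_BYTES - 1) // SLOT_BYTES


def allocate(variables, slot_count):
    """Simplified sequential allocator (assumption, not Vyper's allocator).

    variables: list of (name, size_in_bytes) in declaration order.
    Returns {name: (first_slot, reserved_slots)}.
    """
    layout = {}
    next_slot = 0
    for name, size in variables:
        reserved = slot_count(size)
        layout[name] = (next_slot, reserved)
        next_slot += reserved
    return layout


def find_overlaps(variables, layout):
    """Flag variables whose real footprint reaches into the next variable.

    Returns a list of (name, next_name, overlapping_slots).
    """
    findings = []
    for (name, size), (next_name, _) in zip(variables, variables[1:]):
        first, _reserved = layout[name]
        true_end = first + slots_exact(size)  # one past the last slot used
        next_first = layout[next_name][0]
        if true_end > next_first:
            findings.append((name, next_name, true_end - next_first))
    return findings


def audit_sizes(sizes):
    """Return (size, float_result, exact_result, delta) for every mismatch."""
    report = []
    for size in sizes:
        f, e = slots_float(size), slots_exact(size)
        if f != e:
            report.append((size, f, e, f - e))
    return report


# Constructed sample sizes: 32-byte elements, lengths chosen next to powers of 2.
UNDER = 32 * (2**53 + 1)   # slightly more than 2**58 -> one slot too few
OVER = 32 * (2**54 - 1)    # slightly less than 2**59 -> one slot too many

# Constructed contract layout: a large array followed by a one-slot variable.
SAMPLE_VARIABLES = [("big_array", UNDER), ("owner", 32)]

if __name__ == "__main__":
    for size, f, e, delta in audit_sizes([UNDER, OVER, 4096]):
        print(f"size={size} float={f} exact={e} delta={delta:+d}")
    bad = allocate(SAMPLE_VARIABLES, slots_float)
    good = allocate(SAMPLE_VARIABLES, slots_exact)
    print("float layout overlaps:", find_overlaps(SAMPLE_VARIABLES, bad))
    print("exact layout overlaps:", find_overlaps(SAMPLE_VARIABLES, good))
```

In the float-based layout the last slot of `big_array` is the same slot reserved for `owner`, which is the one-slot underallocation the summary describes; the integer-only calculation leaves the two disjoint.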
Vulnerability from fkie_nvd
Published
2023-05-11 21:15
Modified
2025-01-24 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to a missing overflow check for loop variables, assigning the iterator of a loop to a variable can overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)`, because in loops of type `for i in range(start, stop)` and `for i in range(stop)` the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "4E33CC4B-8A7D-4AB9-91C6-7B103ED59531", versionEndExcluding: "0.3.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.", }, ], id: "CVE-2023-32058", lastModified: "2025-01-24T16:15:34.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: 
"NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-11T21:15:10.397", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "security-advisories@github.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-11 21:15
Modified
2025-01-24 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "4E33CC4B-8A7D-4AB9-91C6-7B103ED59531", versionEndExcluding: "0.3.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.", }, ], id: "CVE-2023-31146", lastModified: "2025-01-24T16:15:32.803", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", 
userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-11T21:15:10.240", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security-advisories@github.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 19:15
Modified
2024-11-21 08:15
Severity ?
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:0.2.15:*:*:*:*:python:*:*", matchCriteriaId: "D77BED2E-B82A-49C3-A555-04F77E181013", vulnerable: true, }, { criteria: "cpe:2.3:a:vyperlang:vyper:0.2.16:*:*:*:*:python:*:*", matchCriteriaId: "1DF78911-B188-4F6F-8E8A-BF120C425C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:vyperlang:vyper:0.3.0:*:*:*:*:python:*:*", matchCriteriaId: "B371A623-7B66-4D86-A8E9-0CBC01AEC1F4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. 
Version 0.3.1 contains a fix for this issue.", }, ], id: "CVE-2023-39363", lastModified: "2024-11-21T08:15:14.707", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "ATTACKED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "HIGH", subConfidentialityImpact: "NONE", subIntegrityImpact: "HIGH", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, 
source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2023-08-07T19:15:11.873", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/2439", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/2514", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackmd.io/@LlamaRisk/BJzSKHNjn", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackmd.io/@vyperlang/HJUgNMhs2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/2439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/2514", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackmd.io/@LlamaRisk/BJzSKHNjn", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackmd.io/@vyperlang/HJUgNMhs2", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-08 17:15
Modified
2024-11-21 08:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "4E33CC4B-8A7D-4AB9-91C6-7B103ED59531", versionEndExcluding: "0.3.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.\n", }, ], id: "CVE-2023-30837", lastModified: "2024-11-21T08:00:56.617", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-08T17:15:12.007", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-789", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-21 22:15
Modified
2025-03-28 20:05
Severity ?
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed, and a fix is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/pull/4488 | Issue Tracking, Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-h33q-mhmp-8p67 | Vendor Advisory, Exploit
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "73C5488C-E93A-4105-A5CD-AD98075A08E2", versionEndExcluding: "0.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "vyper es un lenguaje de contrato inteligente Pythonic para EVM. Es posible la evaluación múltiple de una sola expresión en el destino del iterador de un bucle for. 
Si bien la expresión del iterador no puede producir múltiples escrituras, puede consumir efectos secundarios producidos en el cuerpo del bucle (por ejemplo, leer una variable de almacenamiento actualizada en el cuerpo del bucle) y, por lo tanto, provocar un comportamiento inesperado del programa. Específicamente, las lecturas en iteradores que contienen una ifexp (por ejemplo, `for s: uint256 in ([read(), read()] if True else [])`) pueden intercalar lecturas con escrituras en el cuerpo del bucle. Los bucles for de Vyper permiten dos tipos de destinos de iterador, a saber, el `range()` incorporado y un tipo iterable, como SArray y DArray. Durante la generación de código, se requiere que las listas iterables no produzcan ningún efecto secundario (en el siguiente código, `range_scope` obliga a que `iter_list` se analice en un contexto constante, que se verifica con `is_constant`). Sin embargo, esto no evita que el iterador consuma los efectos secundarios proporcionados por el cuerpo del bucle. Por otro lado, para los SArrays, `iter_list` se instancia en el cuerpo de un iterador `repeat`, por lo que se puede evaluar varias veces. Este problema se está solucionando y se espera que esté disponible en la versión 0.4.1. Se recomienda a los usuarios que actualicen tan pronto como esté disponible la versión parcheada. 
No se conocen workarounds para esta vulnerabilidad.", }, ], id: "CVE-2025-27104", lastModified: "2025-03-28T20:05:35.357", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 2.3, baseSeverity: "LOW", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", 
vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2025-02-21T22:15:13.773", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/vyperlang/vyper/pull/4488", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", "Exploit", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-h33q-mhmp-8p67", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-662", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-26 20:19
Modified
2025-01-16 19:34
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When using the built-in `extract32(b, start)`, if evaluating the `start` index has the side effect of updating `b` (the byte array from which 32 bytes are extracted), `extract32` may read and return dirty memory. This vulnerability is fixed in 0.4.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "CEC5BCE2-DB5C-49EB-A302-F11E4E02F9BD", versionEndExcluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual ethereum. Cuando se utiliza el `extract32(b, start)` integrado, si el índice `start` proporcionado tiene como efecto secundario actualizar `b`, la matriz de bytes de la que extraer `32` bytes, podría ser que \"extract32\" lea y devuelva algo de memoria sucia. 
Esta vulnerabilidad afecta a la versión 0.3.10 y versiones anteriores.", }, ], id: "CVE-2024-24564", lastModified: "2025-01-16T19:34:13.567", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-26T20:19:05.627", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-02 17:15
Modified
2024-11-21 08:59
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686 | Exploit, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "832C489D-4288-46B4-A29E-0E7168748042", versionEndIncluding: "0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum. Cuando se realizan llamadas a contratos externos, escribimos el búfer de entrada comenzando en el byte 28 y asignamos el búfer de retorno para que comience en el byte 0 (superponiéndose con el búfer de entrada). Al verificar RETURNDATASIZE para tipos dinámicos, el tamaño se compara solo con el tamaño mínimo permitido para ese tipo y no con la longitud del valor devuelto. Como resultado, los datos de devolución con formato incorrecto pueden hacer que el contrato confunda los datos del búfer de entrada con los datos de devolución. 
Cuando el contrato llamado devuelve datos codificados ABIv2 no válidos, el contrato que llama puede leer datos no válidos diferentes (del búfer sucio) que los devueltos por el contrato llamado.", }, ], id: "CVE-2024-24560", lastModified: "2024-11-21T08:59:25.313", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-02T17:15:11.720", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-25 18:15
Modified
2025-01-02 22:52
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double-evaluation vulnerability when the buffer argument is `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` argument has side effects. It can be easily triggered only in versions `<0.3.4`, as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side effects should be easily discoverable in client tests. As such, the impact is low. As of the time of publication, no fixed versions are available.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "CEC5BCE2-DB5C-49EB-A302-F11E4E02F9BD", versionEndExcluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.\n\n", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum. En las versiones 0.3.10 y anteriores, el uso de la función incorporada `slice` puede generar una vulnerabilidad de doble evaluación cuando el argumento del búfer es `msg.data`, `self.code` o `.code` y el ` Los argumentos de inicio o longitud tienen efectos secundarios. Se puede activar fácilmente solo con las versiones \"<0.3.4\", ya que \"0.3.4\" introdujo el símbolo único de valla. No se encontraron contratos de producción vulnerables. Además, la doble evaluación de los efectos secundarios debería poder descubrirse fácilmente en las pruebas de los clientes. Como tal, el impacto es bajo. 
Al momento de la publicación, no hay versiones fijas disponibles.", }, ], id: "CVE-2024-32646", lastModified: "2025-01-02T22:52:15.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-25T18:15:08.780", references: [ { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-05 21:15
Modified
2024-11-21 08:59
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "832C489D-4288-46B4-A29E-0E7168748042", versionEndIncluding: "0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para EVM. Hay un error en la gestión de la pila al compilar el `IR` para `sha3_64`. En concreto, la variable \"altura\" está mal calculada. La vulnerabilidad no se puede activar sin escribir el `IR` a mano (es decir, no se puede activar desde un código vyper normal). `sha3_64` se utiliza para la recuperación en asignaciones. No se encontró ningún flujo que almacenara en caché la \"clave\", por lo que no debería ser posible desencadenar el problema al compilar el \"IR\" generado por el compilador. Este problema no se activa durante la compilación normal del código vyper, por lo que el impacto es bajo. 
Al momento de publicación no hay ningún parche disponible.", }, ], id: "CVE-2024-24559", lastModified: "2024-11-21T08:59:24.903", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-05T21:15:12.127", references: [ { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "security-advisories@github.com", 
type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-01 17:15
Modified
2024-11-21 08:59
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the possibility that `start + length` overflows when the values aren't literals. If a `slice()` call uses a non-literal argument for `start` or `length`, an attacker can overflow the bounds check. This issue can be used for out-of-bounds (OOB) access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "832C489D-4288-46B4-A29E-0E7168748042", versionEndIncluding: "0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.\n\n", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente de python para la máquina virtual ethereum. En las versiones 0.3.10 y anteriores, la verificación de los límites para sectores no tiene en cuenta la capacidad de inicio + longitud de desbordarse cuando los valores no son literales. Si una función slice() utiliza un argumento no literal para la variable de inicio o longitud, esto crea la capacidad para que un atacante desborde la verificación de los límites. Este problema se puede utilizar para realizar acceso OOB a direcciones de almacenamiento, memoria o datos de llamada. 
También se puede utilizar para corromper la ranura de longitud de la matriz respectiva.", }, ], id: "CVE-2024-24561", lastModified: "2024-11-21T08:59:25.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-01T17:15:11.180", references: [ { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457", }, { source: "security-advisories@github.com", tags: [ "Issue Tracking", ], url: "https://github.com/vyperlang/vyper/issues/3756", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/vyperlang/vyper/issues/3756", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-18 19:15
Modified
2024-11-21 08:56
Severity
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in 0.4.0.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f | Patch | |
security-advisories@github.com | https://github.com/vyperlang/vyper/issues/3737 | Exploit, Issue Tracking, Vendor Advisory | |
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/issues/3737 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p | Exploit, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "832C489D-4288-46B4-A29E-0E7168748042", versionEndIncluding: "0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in 0.4.0.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum. El `concat` integrado puede escribir sobre los límites del búfer de memoria que se le asignó y así sobrescribir los datos válidos existentes. La causa principal es que `build_IR` para `concat` no se adhiere correctamente a la API de funciones de copia (para `>=0.3.2` la función `copy_bytes`). Se realizó una búsqueda de contratos y no se encontraron contratos vulnerables en producción. El desbordamiento de búfer puede provocar un cambio en la semántica del contrato. El desbordamiento depende de la longitud y, por lo tanto, puede pasar desapercibido durante las pruebas del contrato. 
Sin embargo, ciertamente no todos los usos de concat darán como resultado la sobrescritura de datos válidos, ya que requerimos que estén en una función interna y cerca de la declaración de devolución donde no ocurren otras asignaciones de memoria. Este problema se solucionó en el commit `55e18f6d1` que se incluirá en versiones futuras. Se recomienda a los usuarios que actualicen cuando sea posible.", }, ], id: "CVE-2024-22419", lastModified: "2024-11-21T08:56:15.020", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-18T19:15:10.550", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/issues/3737", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], 
url: "https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/issues/3737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-25 18:15
Modified
2025-01-02 22:39
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in a double eval vulnerability when the argument has side-effects. The `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, the argument can be evaluated multiple times (instead of its value being retrieved from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "CEC5BCE2-DB5C-49EB-A302-F11E4E02F9BD", versionEndExcluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.\n", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum. En las versiones 0.3.10 y anteriores, el uso de la función incorporada `sqrt` puede generar una vulnerabilidad de doble evaluación cuando el argumento tiene efectos secundarios. Se puede ver que la función `build_IR` del incorporado `sqrt` no almacena en caché el argumento en la pila. Como tal, se puede evaluar varias veces (en lugar de recuperar el valor de la pila). No se encontraron contratos de producción vulnerables. Además, la doble evaluación de los efectos secundarios debería poder descubrirse fácilmente en las pruebas de los clientes. Como tal, el impacto es bajo. 
Al momento de la publicación, no hay versiones fijas disponibles.", }, ], id: "CVE-2024-32649", lastModified: "2025-01-02T22:39:30.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-25T18:15:09.350", references: [ { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-95", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-13 22:15
Modified
2024-11-21 06:51
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In affected versions, the return value of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | Patch, Third Party Advisory
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h | Exploit, Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "CB785270-AAD7-4392-BBAA-6261435B5C08", versionEndExcluding: "0.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.", }, { lang: "es", value: "Vyper es un Lenguaje de Contrato Inteligente pitónico para la máquina virtual de Ethereum. En las versiones afectadas, el retorno de \"(iface).returns_int128()\" no es comprobado que esté dentro de los límites de \"int128\". Este problema puede resultar en una mala interpretación del valor entero y conllevar a un comportamiento incorrecto. A partir de la versión 0.3.0, \"(iface).returns_int128()\" es comprobado en expresiones simples, pero no en expresiones complejas. Es recomendado a usuarios actualizar. 
No se presenta medidas de mitigación conocidas para este problema", }, ], id: "CVE-2022-24845", lastModified: "2024-11-21T06:51:13.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-13T22:15:08.330", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-06 18:15
Modified
2024-11-21 06:25
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions, when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/pull/2447 | Patch, Third Party Advisory
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/pull/2447 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv | Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "5CA2159A-A4C9-4087-B92C-CDB067277711", versionEndExcluding: "0.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.", }, { lang: "es", value: "Vyper es un Lenguaje de Contrato Inteligente de Python para el EVM. En las versiones afectadas, cuando se lleva a cabo una llamada a una función dentro de una estructura literal, se presenta un problema de corrupción de memoria que se produce debido a un puntero incorrecto en la parte superior de la pila. Este problema ha sido resuelto en la versión 0.3.0", }, ], id: "CVE-2021-41121", lastModified: "2024-11-21T06:25:30.930", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: 
"security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-06T18:15:10.897", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-27 15:19
Modified
2024-11-21 08:22
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed that allow bounds checking to be bypassed, resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/pull/3626 | Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97 | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/pull/3626 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97 | Exploit, Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "0D4639D6-93EE-4697-BEC9-894E9B39A3B4", versionEndExcluding: "0.3.10", versionStartIncluding: "0.3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.", }, { lang: "es", value: "Vyper es un Pythonic Smart Contract Language para EVM. La función `_abi_decode()` no valida la entrada cuando está anidada en una expresión. Se pueden crear usos de `_abi_decode()` que permitan omitir la verificación de los límites, lo que generará resultados incorrectos. Este problema aún no se ha solucionado, pero se espera que se solucione en la versión `0.3.10`. 
Se recomienda a los usuarios que hagan referencia al pull request #3626.", }, ], id: "CVE-2023-42460", lastModified: "2024-11-21T08:22:34.977", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-27T15:19:32.543", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/3626", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/pull/3626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-682", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-25 21:15
Modified
2024-11-21 08:12
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "BA77D186-1EDF-4C4E-8BA6-00D8B54358B9", versionEndExcluding: "0.3.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.", }, ], id: "CVE-2023-37902", lastModified: "2024-11-21T08:12:25.897", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-25T21:15:10.550", references: [ { source: "security-advisories@github.com", 
tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-252", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 21:15
Modified
2024-11-21 08:59
Severity
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. The Vyper compiler allows passing a value to the builtin `raw_call` even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall, handling a value is not possible due to the semantics of the respective opcodes, and Vyper will silently ignore the `value=` argument. A developer who does not know these EVM semantics could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "832C489D-4288-46B4-A29E-0E7168748042", versionEndIncluding: "0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.", }, { lang: "es", value: "Vyper es un Smart Contract Language pythonico para la máquina virtual ethereum. El compilador de Vyper permite pasar un valor en raw_call incorporado incluso si la llamada es una llamada delegada o una llamada estática. Pero en el contexto de delegarcall y staticcall el manejo del valor no es posible debido a la semántica de los respectivos códigos de operación, y vyper ignorará silenciosamente el argumento value=. Si el desarrollador desconoce la semántica del EVM, podría sospechar que al especificar el \"valor\" kwarg, se enviará exactamente la cantidad dada al objetivo. 
Esta vulnerabilidad afecta a la versión 0.3.10 y versiones anteriores.", }, ], id: "CVE-2024-24567", lastModified: "2024-11-21T08:59:26.220", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T21:15:08.607", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", ], url: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: 
"security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-25 18:15
Modified
2025-01-02 22:43
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a rarely used pattern. As such, the impact is low. Version 0.3.0 contains a patch for the issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "65F778D8-E42E-4CDB-BF02-9406D65FD6B6", versionEndExcluding: "0.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a very sparsely used pattern. As such, the impact is low. Version 0.3.0 contains a patch for the issue.\n", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual Ethereum. Antes de la versión 0.3.0, las funciones predeterminadas no respetan las claves que no son de reentrada y el bloqueo no se emite. No se encontraron contratos de producción vulnerables. Además, usar un bloqueo en una función \"predeterminada\" es un patrón muy poco utilizado. Como tal, el impacto es bajo. 
La versión 0.3.0 contiene un parche para el problema.", }, ], id: "CVE-2024-32648", lastModified: "2025-01-02T22:43:19.753", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-25T18:15:09.157", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177", }, { source: "security-advisories@github.com", tags: [ "Issue Tracking", ], url: "https://github.com/vyperlang/vyper/issues/2455", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/vyperlang/vyper/issues/2455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-21 22:15
Modified
2025-03-28 20:06
Severity
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. Vyper's `sqrt()` builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to `sqrt` incorrectly returning rounded-up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/pull/4486 | Issue Tracking, Patch
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86 | Vendor Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "73C5488C-E93A-4105-A5CD-AD98075A08E2", versionEndExcluding: "0.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "vyper es un lenguaje de contrato inteligente Pythonic para EVM. La función incorporada `sqrt()` de Vyper utiliza el método babilónico para calcular raíces cuadradas de decimales. Lamentablemente, la gestión inadecuada de los estados finales oscilantes puede provocar que sqrt devuelva incorrectamente resultados redondeados. Este problema se está solucionando y se espera una solución en la versión 0.4.1. Se recomienda a los usuarios que actualicen la versión tan pronto como esté disponible la versión parcheada. 
No se conocen workarounds para esta vulnerabilidad.", }, ], id: "CVE-2025-26622", lastModified: "2025-03-28T20:06:00.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 2.3, baseSeverity: "LOW", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", 
vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2025-02-21T22:15:13.447", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/vyperlang/vyper/pull/4486", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-682", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-05 23:15
Modified
2024-11-21 06:25
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/pull/2447 | Third Party Advisory
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/pull/2447 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46 | Exploit, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", matchCriteriaId: "5CA2159A-A4C9-4087-B92C-CDB067277711", versionEndExcluding: "0.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.", }, { lang: "es", value: "Vyper es un lenguaje de contrato inteligente de Python para el EVM. En las versiones afectadas, las funciones externas no comprueban correctamente los límites de los argumentos decimales. Esto puede conllevar a errores lógicos. Este problema ha sido resuelto en la versión 0.3.0", }, ], id: "CVE-2021-41122", lastModified: "2024-11-21T06:25:31.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2021-10-05T23:15:07.487", references: [ { source: 
"security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-682", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-21 22:15
Modified
2025-03-28 20:02
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, when the target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp | Vendor Advisory, Exploit
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", matchCriteriaId: "73C5488C-E93A-4105-A5CD-AD98075A08E2", versionEndExcluding: "0.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "vyper es un lenguaje de contrato inteligente Pythonic para EVM. Vyper gestiona las instrucciones AugAssign almacenando primero en caché la ubicación de destino para evitar una doble evaluación. Sin embargo, en el caso en que el destino sea un acceso a un DynArray y el rhs modifique la matriz, el destino almacenado en caché se evaluará primero y la verificación de límites no se volverá a evaluar durante la parte de escritura de la instrucción. Este problema se ha solucionado en la versión 0.4.1 y se recomienda a todos los usuarios que actualicen. 
No existen workarounds conocidos para esta vulnerabilidad.", }, ], id: "CVE-2025-27105", lastModified: "2025-03-28T20:02:28.310", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 2.3, baseSeverity: "LOW", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", 
vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2025-02-21T22:15:13.910", references: [ { source: "security-advisories@github.com", tags: [ "Vendor Advisory", "Exploit", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }
cve-2022-24845
Vulnerability from cvelistv5
Published
2022-04-13 21:15
Modified
2024-08-03 04:20
Summary
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | x_refsource_MISC
https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. 
There is no known workaround for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-13T21:15:16", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h", }, ], source: { advisory: "GHSA-j2x6-9323-fp7h", discovery: "UNKNOWN", }, title: "Integer bounds error in Vyper", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-24845", STATE: "PUBLIC", TITLE: "Integer bounds error in Vyper", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "vyper", version: { version_data: [ { version_value: "< 0.3.2", }, ], }, }, ], }, vendor_name: "vyperlang", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. 
There is no known workaround for this issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-190: Integer Overflow or Wraparound", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", refsource: "MISC", url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h", refsource: "CONFIRM", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h", }, ], }, source: { advisory: "GHSA-j2x6-9323-fp7h", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24845", datePublished: "2022-04-13T21:15:16", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-08-03T04:20:50.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32649
Vulnerability from cvelistv5
Published
2024-04-25 17:53
Modified
2024-08-02 02:13
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in a double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h | x_refsource_CONFIRM
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32649", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T12:16:42.844342Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:52:16.841Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.270Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. 
As of time of publication, no fixed versions are available.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-95", description: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-25T17:53:01.072Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h", }, ], source: { advisory: "GHSA-5jrj-52x8-m64h", discovery: "UNKNOWN", }, title: "vyper performs double eval of the argument of sqrt", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32649", datePublished: "2024-04-25T17:53:01.072Z", dateReserved: "2024-04-16T14:15:26.876Z", dateUpdated: "2024-08-02T02:13:40.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26149
Vulnerability from cvelistv5
Published
2024-02-26 20:16
Modified
2024-08-22 20:44
Summary
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:59:32.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThanOrEqual: "0.3.10", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26149", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-27T15:58:20.730504Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-22T20:44:05.129Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. 
This vulnerability affects 0.3.10 and earlier versions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-26T20:16:01.688Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w", }, ], source: { advisory: "GHSA-9p8r-4xp4-gw5w", discovery: "UNKNOWN", }, title: "Vyper _abi_decode Memory Overflow", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-26149", datePublished: "2024-02-26T20:16:01.688Z", dateReserved: "2024-02-14T17:40:03.690Z", dateUpdated: "2024-08-22T20:44:05.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30629
Vulnerability from cvelistv5
Published
2023-04-24 21:58
Modified
2025-02-12 16:35
Summary
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:28:52.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", }, { name: "https://github.com/lidofinance/gate-seals/pull/5/files", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/lidofinance/gate-seals/pull/5/files", }, { name: "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", }, { name: "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", }, { name: "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30629", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T20:54:22.454011Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T16:35:42.775Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: ">= 0.3.1, <= 0.3.7", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart 
Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-670", description: "CWE-670: Always-Incorrect Control Flow Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-24T21:58:00.227Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", }, { name: "https://github.com/lidofinance/gate-seals/pull/5/files", tags: [ "x_refsource_MISC", ], url: "https://github.com/lidofinance/gate-seals/pull/5/files", }, { name: "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", }, { name: "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", tags: [ "x_refsource_MISC", ], url: "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", }, { name: 
"https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", tags: [ "x_refsource_MISC", ], url: "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", }, ], source: { advisory: "GHSA-w9g2-3w7p-72g9", discovery: "UNKNOWN", }, title: "Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-30629", datePublished: "2023-04-24T21:58:00.227Z", dateReserved: "2023-04-13T13:25:18.834Z", dateUpdated: "2025-02-12T16:35:42.775Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42460
Vulnerability from cvelistv5
Published
2023-09-26 18:47
Modified
2024-09-24 13:45
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97 | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/pull/3626 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:38.895Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97", }, { name: "https://github.com/vyperlang/vyper/pull/3626", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/pull/3626", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-42460", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T13:20:49.007393Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T13:45:05.798Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: ">= 0.3.4, < 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. 
Users are advised to reference pull request #3626.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-682", description: "CWE-682: Incorrect Calculation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-26T18:47:09.721Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97", }, { name: "https://github.com/vyperlang/vyper/pull/3626", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/3626", }, ], source: { advisory: "GHSA-cx2q-hfxr-rj97", discovery: "UNKNOWN", }, title: "_abi_decode input not validated in complex expressions in Vyper", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-42460", datePublished: "2023-09-26T18:47:09.721Z", dateReserved: "2023-09-08T20:57:45.574Z", dateUpdated: "2024-09-24T13:45:05.798Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24561
Vulnerability from cvelistv5
Published
2024-02-01 16:37
Modified
2024-08-01 23:19
Summary
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/issues/3756 | x_refsource_MISC
https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c", }, { name: "https://github.com/vyperlang/vyper/issues/3756", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/issues/3756", }, { name: "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. 
It can also be used to corrupt the length slot of the respective array.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-01T17:39:47.539Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c", }, { name: "https://github.com/vyperlang/vyper/issues/3756", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/issues/3756", }, { name: "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457", }, ], source: { advisory: "GHSA-9x7f-gwxq-6f2c", discovery: "UNKNOWN", }, title: "Vyper bounds check on built-in `slice()` function can be overflowed", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24561", datePublished: "2024-02-01T16:37:01.007Z", dateReserved: "2024-01-25T15:09:40.209Z", dateUpdated: "2024-08-01T23:19:52.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24567
Vulnerability from cvelistv5
Published
2024-01-30 20:17
Modified
2024-08-01 23:19
Summary
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.828Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m", }, { name: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. 
This vulnerability affects 0.3.10 and earlier versions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754: Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T20:17:53.955Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m", }, { name: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100", }, ], source: { advisory: "GHSA-x2c2-q32w-4w6m", discovery: "UNKNOWN", }, title: "raw_call `value=` kwargs not disabled for static and delegate calls", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24567", datePublished: "2024-01-30T20:17:53.955Z", dateReserved: "2024-01-25T15:09:40.210Z", dateUpdated: "2024-08-01T23:19:52.828Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27104
Vulnerability from cvelistv5
Published
2025-02-21 21:32
Modified
2025-02-22 15:35
Summary
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-h33q-mhmp-8p67 | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/pull/4488 | x_refsource_MISC
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-27104", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-22T15:35:33.591018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-22T15:35:56.497Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.4.1", }, ], }, ], descriptions: [ { lang: "en", value: "vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. 
For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 2.3, baseSeverity: "LOW", privilegesRequired: "LOW", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-662", description: "CWE-662: Improper Synchronization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-21T21:32:24.621Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-h33q-mhmp-8p67", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-h33q-mhmp-8p67", }, { name: "https://github.com/vyperlang/vyper/pull/4488", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/4488", }, ], source: { advisory: "GHSA-h33q-mhmp-8p67", discovery: "UNKNOWN", }, title: "double eval in For List Iter in Vyper", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-27104", datePublished: "2025-02-21T21:32:24.621Z", dateReserved: "2025-02-18T16:44:48.765Z", dateUpdated: "2025-02-22T15:35:56.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41122
Vulnerability from cvelistv5
Published
2021-10-05 23:00
Modified
2024-08-04 02:59
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46 | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/pull/2447 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:59:31.578Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-682", description: "CWE-682: Incorrect Calculation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-05T23:00:11", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, ], source: { advisory: "GHSA-c7pr-343r-5c46", discovery: "UNKNOWN", }, title: "Bounds check missing for decimal args in Vyper", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-41122", STATE: "PUBLIC", TITLE: "Bounds check missing for decimal 
args in Vyper", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "vyper", version: { version_data: [ { version_value: "< 0.3.0", }, ], }, }, ], }, vendor_name: "vyperlang", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-682: Incorrect Calculation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46", refsource: "CONFIRM", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46", }, { name: "https://github.com/vyperlang/vyper/pull/2447", refsource: "MISC", url: "https://github.com/vyperlang/vyper/pull/2447", }, ], }, source: { advisory: "GHSA-c7pr-343r-5c46", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-41122", datePublished: "2021-10-05T23:00:11", dateReserved: "2021-09-15T00:00:00", dateUpdated: "2024-08-04T02:59:31.578Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32646
Vulnerability from cvelistv5
Published
2024-04-25 17:21
Modified
2024-08-02 02:13
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m | x_refsource_CONFIRM
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32646", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-30T16:05:58.539270Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:49:53.303Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. 
As of time of publication, no fixed versions are available.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-25T17:21:59.687Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m", }, ], source: { advisory: "GHSA-r56x-j438-vw5m", discovery: "UNKNOWN", }, title: "vyper performs double eval of the slice args when buffer from adhoc locations", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32646", datePublished: "2024-04-25T17:21:59.687Z", dateReserved: "2024-04-16T14:15:26.875Z", dateUpdated: "2024-08-02T02:13:40.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31146
Vulnerability from cvelistv5
Published
2023-05-11 20:51
Modified
2025-01-24 16:02
Summary
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:45:25.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", }, { name: "https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31146", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:59:53.354621Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T16:02:08.702Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.8", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. 
Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-11T20:51:51.666Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", }, { name: "https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb", }, ], source: { advisory: "GHSA-3p37-3636-q8wv", discovery: "UNKNOWN", }, title: "Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-31146", datePublished: "2023-05-11T20:51:51.666Z", dateReserved: "2023-04-24T21:44:10.418Z", dateUpdated: "2025-01-24T16:02:08.702Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32059
Vulnerability from cvelistv5
Published
2023-05-11 21:01
Modified
2025-01-24 15:54
Summary
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g", }, { name: "https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32059", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:51:03.268758Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T15:54:40.006Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.8", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. 
Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-683", description: "CWE-683: Function Call With Incorrect Order of Arguments", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-11T21:01:11.456Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g", }, { name: "https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac", }, ], source: { advisory: "GHSA-ph9x-4vc9-m39g", discovery: "UNKNOWN", }, title: "Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-32059", datePublished: "2023-05-11T21:01:11.456Z", dateReserved: "2023-05-01T16:47:35.313Z", dateUpdated: "2025-01-24T15:54:40.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32675
Vulnerability from cvelistv5
Published
2023-05-19 19:46
Modified
2025-02-12 16:36
Summary
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with Vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762 | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762", }, { name: "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32675", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-21T17:07:30.282818Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T16:36:34.945Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.8", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. 
Users unable to upgrade should avoid use of nonpayable default functions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-670", description: "CWE-670: Always-Incorrect Control Flow Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-04T13:48:07.129Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762", }, { name: "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520", }, ], source: { advisory: "GHSA-vxmm-cwh2-q762", discovery: "UNKNOWN", }, title: "Nonpayable default functions are sometimes payable in vyper", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-32675", datePublished: "2023-05-19T19:46:18.047Z", dateReserved: "2023-05-11T16:33:45.730Z", dateUpdated: "2025-02-12T16:36:34.945Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24563
Vulnerability from cvelistv5
Published
2024-02-07 17:10
Modified
2024-08-01 23:19
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass. Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist.
There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such a way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all of these scenarios are highly unlikely. The most likely behavior is a revert on the bounds check.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2", }, { name: "https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541", }, { name: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. 
As of time of publication, a fixed version does not exist.\n\nThere are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these the scenarios are highly unlikely. Most likely behavior is a revert on the bounds check.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-07T17:10:08.385Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2", }, { name: 
"https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541", }, { name: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137", }, ], source: { advisory: "GHSA-52xq-j7v9-v4v2", discovery: "UNKNOWN", }, title: "Vyper array negative index vulnerability", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24563", datePublished: "2024-02-07T17:10:08.385Z", dateReserved: "2024-01-25T15:09:40.209Z", dateUpdated: "2024-08-01T23:19:52.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24787
Vulnerability from cvelistv5
Published
2022-04-04 17:35
Modified
2024-08-03 04:20
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.553Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.1", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `\"\\x00\"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. 
There are currently no known workarounds.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-697", description: "CWE-697: Incorrect Comparison", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-04T17:35:10", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508", }, ], source: { advisory: "GHSA-7vrm-3jc8-5wwm", discovery: "UNKNOWN", }, title: "Incorrect Comparison in Vyper", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-24787", STATE: "PUBLIC", TITLE: "Incorrect Comparison in Vyper", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "vyper", version: { version_data: [ { version_value: "<= 0.3.1", }, ], }, }, ], }, vendor_name: "vyperlang", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `\"\\x00\"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. 
There are currently no known workarounds.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-697: Incorrect Comparison", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm", refsource: "CONFIRM", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm", }, { name: "https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508", refsource: "MISC", url: "https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508", }, ], }, source: { advisory: "GHSA-7vrm-3jc8-5wwm", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24787", datePublished: "2022-04-04T17:35:10", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-08-03T04:20:50.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32481
Vulnerability from cvelistv5
Published
2024-04-25 17:00
Modified
2024-08-02 02:13
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed: instead of `sle`, `le` is used, so `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and it is hence interpreted as a very large unsigned integer, making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start`, the execution will revert. Version 0.4.0b1 fixes the issue.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:0.3.8:*:*:*:*:python:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThanOrEqual: "0.4.0b1", status: "affected", version: "0.3.8", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32481", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T19:03:15.836132Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:51:33.592Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:39.300Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj", }, { name: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", }, { name: "https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5", }, { name: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", 
version: ">= 0.3.8, < 0.4.0b1", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start` the execution will revert. Version 0.4.0b1 fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-681", description: "CWE-681: Incorrect Conversion between Numeric Types", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-25T17:00:54.082Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj", }, { name: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", 
tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", }, { name: "https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5", }, { name: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287", }, ], source: { advisory: "GHSA-ppx5-q359-pvwj", discovery: "UNKNOWN", }, title: "vyper's range(start, start + N) reverts for negative numbers", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32481", datePublished: "2024-04-25T17:00:54.082Z", dateReserved: "2024-04-12T19:41:51.168Z", dateUpdated: "2024-08-02T02:13:39.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24788
Vulnerability from cvelistv5
Published
2022-04-13 18:30
Modified
2024-08-03 04:20
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. Versions of Vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp the bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg | x_refsource_CONFIRM
https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.504Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-13T18:30:18", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, ], 
source: { advisory: "GHSA-4mrx-6fxm-8jpg", discovery: "UNKNOWN", }, title: "Buffer overflow in Vyper", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-24788", STATE: "PUBLIC", TITLE: "Buffer overflow in Vyper", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "vyper", version: { version_data: [ { version_value: "< 0.3.2", }, ], }, }, ], }, vendor_name: "vyperlang", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", refsource: "CONFIRM", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", }, { name: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", refsource: "MISC", url: "https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b", }, ], }, source: { advisory: "GHSA-4mrx-6fxm-8jpg", discovery: 
"UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24788", datePublished: "2022-04-13T18:30:18", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-08-03T04:20:50.504Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24560
Vulnerability from cvelistv5
Published
2024-02-02 16:19
Modified
2024-08-01 23:19
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.
References
URL | Tags
---|---
https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686 | x_refsource_CONFIRM
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThanOrEqual: "0.3.10", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-24560", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T14:31:50.296984Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T14:33:43.333Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.915Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. 
When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T16:19:45.822Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686", }, ], source: { advisory: "GHSA-gp3w-2v2m-p686", discovery: "UNKNOWN", }, title: "Vyper external calls can overflow return data to return input buffer", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24560", datePublished: "2024-02-02T16:19:45.822Z", dateReserved: "2024-01-25T15:09:40.208Z", dateUpdated: "2024-08-01T23:19:52.915Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26622
Vulnerability from cvelistv5
Published
2025-02-21 21:36
Modified
2025-02-22 15:34
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. The Vyper `sqrt()` builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to `sqrt` incorrectly returning rounded-up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86 | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/pull/4486 | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-26622", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-22T15:34:07.833820Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-22T15:34:42.831Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.4.1", }, ], }, ], descriptions: [ { lang: "en", value: "vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 2.3, baseSeverity: "LOW", privilegesRequired: "LOW", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-682", description: "CWE-682: Incorrect Calculation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-21T21:36:19.063Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86", }, { name: "https://github.com/vyperlang/vyper/pull/4486", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/4486", }, ], source: { advisory: "GHSA-2p94-8669-xg86", discovery: "UNKNOWN", }, title: "sqrt doesn't define rounding behavior in Vyper", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-26622", datePublished: "2025-02-21T21:36:19.063Z", dateReserved: "2025-02-12T14:51:02.719Z", dateUpdated: "2025-02-22T15:34:42.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-22419
Vulnerability from cvelistv5
Published
2024-01-18 18:45
Modified
2024-10-09 19:41
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in 0.4.0.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/issues/3737 | x_refsource_MISC |
| https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:43:34.941Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p", }, { name: "https://github.com/vyperlang/vyper/issues/3737", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/issues/3737", }, { name: "https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.4.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. 
This issue has been addressed in 0.4.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-09T19:41:08.170Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p", }, { name: "https://github.com/vyperlang/vyper/issues/3737", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/issues/3737", }, { name: "https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f", }, ], source: { advisory: "GHSA-2q8v-3gqq-4f8p", discovery: "UNKNOWN", }, title: "concat built-in can corrupt memory in vyper", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-22419", datePublished: "2024-01-18T18:45:55.731Z", dateReserved: "2024-01-10T15:09:55.554Z", dateUpdated: "2024-10-09T19:41:08.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40015
Vulnerability from cvelistv5
Published
2023-09-04 17:39
Modified
2024-11-19 16:46
Summary
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side effects: state modifying external call, state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:24:54.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40015", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:04:27.979211Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T18:30:19.912Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.4.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. 
Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-670", description: "CWE-670: Always-Incorrect Control Flow Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-19T16:46:23.708Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", }, ], source: { advisory: "GHSA-g2xh-c426-v8mf", discovery: "UNKNOWN", }, title: "Vyper: reversed order of side effects for some operations", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-40015", datePublished: "2023-09-04T17:39:12.822Z", dateReserved: "2023-08-08T13:46:25.241Z", dateUpdated: "2024-11-19T16:46:23.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42441
Vulnerability from cvelistv5
Published
2023-09-18 20:19
Modified
2024-09-24 18:58
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/pull/3605 | x_refsource_MISC |
| https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:38.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m", }, { name: "https://github.com/vyperlang/vyper/pull/3605", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/pull/3605", }, { name: "https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThan: "0.3.10", status: "affected", version: "0.2.9", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-42441", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T18:49:53.145026Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T18:58:08.589Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: ">= 0.2.9, < 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant(\"\")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. 
As a workaround, ensure the lock name is a non-empty string.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-833", description: "CWE-833: Deadlock", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-18T20:19:26.086Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m", }, { name: "https://github.com/vyperlang/vyper/pull/3605", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/3605", }, { name: "https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83", }, ], source: { advisory: "GHSA-3hg2-r75x-g69m", discovery: "UNKNOWN", }, title: "Vyper has incorrect re-entrancy lock when key is empty string", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-42441", datePublished: "2023-09-18T20:19:26.086Z", dateReserved: "2023-09-08T20:57:45.572Z", dateUpdated: "2024-09-24T18:58:08.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29255
Vulnerability from cvelistv5
Published
2022-06-06 19:55
Modified
2024-08-03 06:17
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38 | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:17:54.500Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.4", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-670", description: "CWE-670: Always-Incorrect Control Flow Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-06T19:55:10", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d", }, ], source: { advisory: "GHSA-4v9q-cgpw-cf38", discovery: "UNKNOWN", }, title: "Multiple 
evaluation of contract address in call in vyper", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-29255", STATE: "PUBLIC", TITLE: "Multiple evaluation of contract address in call in vyper", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "vyper", version: { version_data: [ { version_value: "< 0.3.4", }, ], }, }, ], }, vendor_name: "vyperlang", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-670: Always-Incorrect Control Flow Implementation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38", refsource: "CONFIRM", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38", }, { name: "https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d", refsource: "MISC", url: "https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d", }, ], }, source: { advisory: "GHSA-4v9q-cgpw-cf38", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: 
"GitHub_M", cveId: "CVE-2022-29255", datePublished: "2022-06-06T19:55:10", dateReserved: "2022-04-13T00:00:00", dateUpdated: "2024-08-03T06:17:54.500Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32648
Vulnerability from cvelistv5
Published
2024-04-25 17:48
Modified
2024-08-02 02:13
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a very sparsely used pattern. As such, the impact is low. Version 0.3.0 contains a patch for the issue.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9 | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/issues/2455 | x_refsource_MISC |
| https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32648", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-25T19:30:39.358759Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:51:45.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9", }, { name: "https://github.com/vyperlang/vyper/issues/2455", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/issues/2455", }, { name: "https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a very sparsely used pattern. As such, the impact is low. 
Version 0.3.0 contains a patch for the issue.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-667", description: "CWE-667: Improper Locking", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-25T17:48:32.135Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9", }, { name: "https://github.com/vyperlang/vyper/issues/2455", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/issues/2455", }, { name: "https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177", }, ], source: { advisory: "GHSA-m2v9-w374-5hj9", discovery: "UNKNOWN", }, title: "vyper default functions don't respect nonreentrancy keys", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32648", datePublished: "2024-04-25T17:48:32.135Z", dateReserved: "2024-04-16T14:15:26.875Z", dateUpdated: "2024-08-02T02:13:40.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21607
Vulnerability from cvelistv5
Published
2025-01-14 17:32
Modified
2025-01-15 15:34
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence, an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM's rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. Nonetheless, an advisory has been made out of an abundance of caution. There are no actions for users to take.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-vgf2-gvx8-xwc3 | x_refsource_CONFIRM |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21607", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T15:34:18.741267Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T15:34:46.083Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-vgf2-gvx8-xwc3", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.4.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM's rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. None the less an advisory has been made out of an abundance of caution. 
There are no actions for users to take.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 2.3, baseSeverity: "LOW", privilegesRequired: "LOW", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-670", description: "CWE-670: Always-Incorrect Control Flow Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T17:32:58.169Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-vgf2-gvx8-xwc3", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-vgf2-gvx8-xwc3", }, ], source: { advisory: "GHSA-vgf2-gvx8-xwc3", discovery: "UNKNOWN", }, title: "Success of Certain Precompile Calls not Checked in Vyper", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-21607", datePublished: "2025-01-14T17:32:58.169Z", dateReserved: "2024-12-29T03:00:24.712Z", dateUpdated: "2025-01-15T15:34:46.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24559
Vulnerability from cvelistv5
Published
2024-02-05 21:04
Modified
2024-08-26 18:13
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv", }, { name: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:0.3.10:*:*:*:*:python:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "0.3.10", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-24559", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-06T17:47:59.401665Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-26T18:13:59.422Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. 
No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-05T21:04:42.056Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv", }, { name: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586", }, ], source: { advisory: "GHSA-6845-xw22-ffxv", discovery: "UNKNOWN", }, title: "Vyper SHA3 code generation bug", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24559", datePublished: "2024-02-05T21:04:42.056Z", dateReserved: "2024-01-25T15:09:40.208Z", dateUpdated: "2024-08-26T18:13:59.422Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37902
Vulnerability from cvelistv5
Published
2023-07-25 20:05
Modified
2024-10-03 18:59
Summary
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3 | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:23:27.794Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3", }, { name: "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThan: "0.3.10", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37902", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T18:58:38.236762Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T18:59:13.773Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. 
This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-252", description: "CWE-252: Unchecked Return Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-25T20:05:40.615Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3", }, { name: "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f", }, ], source: { advisory: "GHSA-f5x6-7qgp-jhf3", discovery: "UNKNOWN", }, title: "Vyper's ecrecover can return undefined data if signature does not verify", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-37902", datePublished: "2023-07-25T20:05:40.615Z", dateReserved: "2023-07-10T17:51:29.610Z", dateUpdated: "2024-10-03T18:59:13.773Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30837
Vulnerability from cvelistv5
Published
2023-05-08 16:03
Modified
2025-01-29 15:27
Summary
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6 | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.455Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", }, { name: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30837", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T15:27:34.351503Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-29T15:27:39.451Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.8", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. 
This issue was fixed in version 0.3.8.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-789", description: "CWE-789: Memory Allocation with Excessive Size Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-08T16:03:06.162Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", }, { name: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, ], source: { advisory: "GHSA-mgv8-gggw-mrg6", discovery: "UNKNOWN", }, title: "Vyper storage allocator overflow", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-30837", datePublished: "2023-05-08T16:03:06.162Z", dateReserved: "2023-04-18T16:13:15.879Z", dateUpdated: "2025-01-29T15:27:39.451Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32058
Vulnerability from cvelistv5
Published
2023-05-11 20:55
Modified
2025-01-24 15:57
Summary
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj", }, { name: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32058", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:56:37.269120Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T15:57:47.118Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.8", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. 
Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-11T20:55:35.195Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj", }, { name: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", }, ], source: { advisory: "GHSA-6r8q-pfpv-7cgj", discovery: "UNKNOWN", }, title: "Vyper vulnerable to integer overflow in loop", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-32058", datePublished: "2023-05-11T20:55:35.195Z", dateReserved: "2023-05-01T16:47:35.313Z", dateUpdated: "2025-01-24T15:57:47.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41121
Vulnerability from cvelistv5
Published
2021-10-06 17:10
Modified
2024-08-04 02:59
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions, when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/pull/2447 | x_refsource_MISC |
| https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:59:31.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-06T17:10:51", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/2447", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv", }, ], source: { advisory: "GHSA-xv8x-pr4h-73jv", discovery: "UNKNOWN", }, title: "Memory corruption in Vyper", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: 
"security-advisories@github.com", ID: "CVE-2021-41121", STATE: "PUBLIC", TITLE: "Memory corruption in Vyper", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "vyper", version: { version_data: [ { version_value: "< 0.3.0", }, ], }, }, ], }, vendor_name: "vyperlang", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/vyperlang/vyper/pull/2447", refsource: "MISC", url: "https://github.com/vyperlang/vyper/pull/2447", }, { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv", refsource: "CONFIRM", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv", }, ], }, source: { advisory: "GHSA-xv8x-pr4h-73jv", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-41121", datePublished: "2021-10-06T17:10:51", dateReserved: "2021-09-15T00:00:00", dateUpdated: "2024-08-04T02:59:31.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2023-39363
Vulnerability from cvelistv5
Published
2023-08-07 18:40
Modified
2024-10-11 14:05
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38 | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/pull/2439 | x_refsource_MISC |
| https://github.com/vyperlang/vyper/pull/2514 | x_refsource_MISC |
| https://hackmd.io/@LlamaRisk/BJzSKHNjn | x_refsource_MISC |
| https://hackmd.io/@vyperlang/HJUgNMhs2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:20.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38", }, { name: "https://github.com/vyperlang/vyper/pull/2439", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/pull/2439", }, { name: "https://github.com/vyperlang/vyper/pull/2514", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/pull/2514", }, { name: "https://hackmd.io/@LlamaRisk/BJzSKHNjn", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackmd.io/@LlamaRisk/BJzSKHNjn", }, { name: "https://hackmd.io/@vyperlang/HJUgNMhs2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackmd.io/@vyperlang/HJUgNMhs2", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39363", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T18:06:38.040646Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T18:06:48.980Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "= 0.2.15", }, { status: "affected", version: "= 0.2.16", }, { status: "affected", version: "= 0.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. 
Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 9.1, baseSeverity: "CRITICAL", privilegesRequired: "NONE", subAvailabilityImpact: "HIGH", subConfidentialityImpact: "NONE", subIntegrityImpact: "HIGH", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:A", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "HIGH", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-11T14:05:03.824Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38", }, { name: "https://github.com/vyperlang/vyper/pull/2439", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/2439", }, { name: "https://github.com/vyperlang/vyper/pull/2514", tags: [ "x_refsource_MISC", ], 
url: "https://github.com/vyperlang/vyper/pull/2514", }, { name: "https://hackmd.io/@LlamaRisk/BJzSKHNjn", tags: [ "x_refsource_MISC", ], url: "https://hackmd.io/@LlamaRisk/BJzSKHNjn", }, { name: "https://hackmd.io/@vyperlang/HJUgNMhs2", tags: [ "x_refsource_MISC", ], url: "https://hackmd.io/@vyperlang/HJUgNMhs2", }, ], source: { advisory: "GHSA-5824-cm3x-3c38", discovery: "UNKNOWN", }, title: "Vyper incorrectly allocated named re-entrancy locks", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-39363", datePublished: "2023-08-07T18:40:25.615Z", dateReserved: "2023-07-28T13:26:46.480Z", dateUpdated: "2024-10-11T14:05:03.824Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32645
Vulnerability from cvelistv5
Published
2024-04-25 17:18
Modified
2024-08-02 02:13
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3 | x_refsource_CONFIRM |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThanOrEqual: "0.3.10", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32645", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T17:10:02.463026Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T21:01:57.984Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. 
As of time of publication, no fixed version is available.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-25T17:22:15.234Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3", }, ], source: { advisory: "GHSA-xchq-w5r3-4wg3", discovery: "UNKNOWN", }, title: "vyper performs incorrect topic logging in raw_log", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32645", datePublished: "2024-04-25T17:18:27.026Z", dateReserved: "2024-04-16T14:15:26.875Z", dateUpdated: "2024-08-02T02:13:40.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42443
Vulnerability from cvelistv5
Published
2023-09-18 20:52
Modified
2024-09-24 18:57
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.
Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.
As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/issues/3609 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:38.521Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", }, { name: "https://github.com/vyperlang/vyper/issues/3609", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/issues/3609", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThanOrEqual: "0.3.9", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-42443", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T18:49:35.863475Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T18:57:14.382Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.9", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. 
For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.\n\nEach builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.\n\nAs of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. 
As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-18T20:52:33.664Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", }, { name: "https://github.com/vyperlang/vyper/issues/3609", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/issues/3609", }, ], source: { advisory: "GHSA-c647-pxm2-c52w", discovery: "UNKNOWN", }, title: "Vyper vulnerable to memory corruption in certain builtins utilizing `msize`", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-42443", datePublished: "2023-09-18T20:52:33.664Z", dateReserved: "2023-09-08T20:57:45.572Z", dateUpdated: "2024-09-24T18:57:14.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24564
Vulnerability from cvelistv5
Published
2024-02-26 20:16
Modified
2024-10-25 20:33
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When using the built-in `extract32(b, start)`, if evaluating the provided `start` index has the side effect of updating `b`, the byte array from which `32` bytes are extracted, `extract32` may read and return dirty memory. This vulnerability is fixed in 0.4.0.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.913Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { lessThan: "0.4.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-24564", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-09T16:54:00.551575Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T20:33:03.845Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.4.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. 
This vulnerability is fixed in 0.4.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-09T19:30:55.500Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", }, { name: "https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f", }, ], source: { advisory: "GHSA-4hwq-4cpm-8vmx", discovery: "UNKNOWN", }, title: "Vyper extract32 can ready dirty memory", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24564", datePublished: "2024-02-26T20:16:13.604Z", dateReserved: "2024-01-25T15:09:40.209Z", dateUpdated: "2024-10-25T20:33:03.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32647
Vulnerability from cvelistv5
Published
2024-04-25 17:41
Modified
2024-08-02 02:13
Summary
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32647", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-30T15:54:24.635714Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:50:09.845Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.122Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6", }, { name: "https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. 
As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-95", description: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-25T17:41:44.052Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6", }, { name: "https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847", }, ], source: { advisory: "GHSA-3whq-64q2-qfj6", discovery: "UNKNOWN", }, title: "vyper performs double eval of raw_args in create_from_blueprint", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32647", datePublished: "2024-04-25T17:41:44.052Z", dateReserved: "2024-04-16T14:15:26.875Z", dateUpdated: "2024-08-02T02:13:40.122Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41052
Vulnerability from cvelistv5
Published
2023-09-04 17:36
Modified
2024-09-26 18:30
Summary
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/pull/3583 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:46:11.683Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", }, { name: "https://github.com/vyperlang/vyper/pull/3583", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/pull/3583", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41052", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:04:38.192633Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T18:30:33.353Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "<= 0.3.9", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. 
When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-670", description: "CWE-670: Always-Incorrect Control Flow Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T17:36:23.480Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", }, { name: "https://github.com/vyperlang/vyper/pull/3583", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/pull/3583", }, ], source: { advisory: "GHSA-4hg4-9mf5-wxxq", discovery: "UNKNOWN", }, title: "Vyper: incorrect order of evaluation of side effects for some builtins", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-41052", datePublished: "2023-09-04T17:36:23.480Z", dateReserved: "2023-08-22T16:57:23.933Z", dateUpdated: "2024-09-26T18:30:33.353Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46247
Vulnerability from cvelistv5
Published
2023-12-13 19:39
Modified
2024-08-02 20:37
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:40.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", }, { name: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, { name: "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.3.8", }, ], }, ], descriptions: [ { lang: "en", value: "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. 
This issue is patched in version 0.3.8.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-193", description: "CWE-193: Off-by-one Error", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-682", description: "CWE-682: Incorrect Calculation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-13T19:39:22.626Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", }, { name: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", }, { name: "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", tags: [ "x_refsource_MISC", ], url: "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", }, ], source: { advisory: "GHSA-6m97-7527-mh74", discovery: "UNKNOWN", }, title: "Vyper has incorrect storage layout for contracts containing large arrays", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-46247", datePublished: "2023-12-13T19:39:22.626Z", dateReserved: "2023-10-19T20:34:00.948Z", dateUpdated: "2024-08-02T20:37:40.156Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2025-27105
Vulnerability from cvelistv5
Published
2025-02-21 21:27
Modified
2025-02-22 15:37
Summary
Vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, when the target is an access to a DynArray and the right-hand side modifies the array, the cached target is evaluated first, and the bounds check is not re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp | x_refsource_CONFIRM |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-27105", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-22T15:36:50.306173Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-22T15:37:28.734Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vyper", vendor: "vyperlang", versions: [ { status: "affected", version: "< 0.4.1", }, ], }, ], descriptions: [ { lang: "en", value: "vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 2.3, baseSeverity: "LOW", privilegesRequired: "LOW", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-21T21:27:28.056Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp", }, ], source: { advisory: "GHSA-4w26-8p97-f4jp", discovery: "UNKNOWN", }, title: "AugAssign evaluation order causing OOB write within the object in Vyper", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-27105", datePublished: "2025-02-21T21:27:28.056Z", dateReserved: "2025-02-18T16:44:48.766Z", dateUpdated: "2025-02-22T15:37:28.734Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }