cve-2023-40015
Vulnerability from cvelistv5
Published
2023-09-04 17:39
Modified
2024-11-19 16:46
Severity ?
EPSS score ?
Summary
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf | Exploit, Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:54.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40015", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T18:04:27.979211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T18:30:19.912Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "vyper", "vendor": "vyperlang", "versions": [ { "status": "affected", "version": "\u003c= 0.4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, \u0026, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, \u003c, \u003e, \u003c=, \u003e=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-670", "description": "CWE-670: Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-19T16:46:23.708Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf" } ], "source": { "advisory": "GHSA-g2xh-c426-v8mf", "discovery": "UNKNOWN" }, "title": "Vyper: reversed order of side effects for some operations" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40015", "datePublished": "2023-09-04T17:39:12.822Z", "dateReserved": "2023-08-08T13:46:25.241Z", "dateUpdated": "2024-11-19T16:46:23.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-40015\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-04T18:15:07.880\",\"lastModified\":\"2024-11-21T08:18:31.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, \u0026, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, \u003c, \u003e, \u003c=, \u003e=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.\"},{\"lang\":\"es\",\"value\":\"Vyper es un Lenguaje de Contratos Inteligentes de Python. Para la siguiente lista de expresiones (probablemente no exhaustiva), el compilador eval\u00faa los argumentos de derecha a izquierda en lugar de izquierda a derecha. \\\"unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, \u0026amp;, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, \u0026lt;, \u0026gt;, \u0026lt;=, \u0026gt;=, ==, !=, in, not in (cuando lhs y rhs son enums)\\\". Este comportamiento se convierte en un problema cuando la evaluaci\u00f3n de uno de los argumentos produce efectos secundarios de los que dependen otros argumentos. Las siguientes expresiones pueden producir efectos secundarios: llamada externa que modifica el estado, llamada interna que modifica el estado, \\\"raw_call\\\", \\\"pop()\\\" cuando se utiliza un array din\u00e1mico almacenado en el almacenamiento, \\\"create_minimal_proxy_to\\\", \\\"create_copy_of\\\" y \\\"create_from_blueprint\\\". Este problema a\u00fan no se ha solucionado. Se aconseja a los usuarios que se aseguren de que los argumentos de la expresi\u00f3n no producen efectos secundarios o, si alguno los produce, de que ning\u00fan otro argumento depende de esos efectos secundarios. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*\",\"versionEndIncluding\":\"0.3.9\",\"matchCriteriaId\":\"56FB25B4-6446-4B4B-87AA-D4368B4B8685\"}]}]}],\"references\":[{\"url\":\"https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.