gsd-2023-30837
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-30837",
"id": "GSD-2023-30837"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-30837"
],
"details": "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.\n",
"id": "GSD-2023-30837",
"modified": "2023-12-13T01:20:52.441935Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-30837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vyper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 0.3.8"
}
]
}
}
]
},
"vendor_name": "vyperlang"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.\n"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-789",
"lang": "eng",
"value": "CWE-789: Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6",
"refsource": "MISC",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6"
},
{
"name": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb",
"refsource": "MISC",
"url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"
}
]
},
"source": {
"advisory": "GHSA-mgv8-gggw-mrg6",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.3.8",
"affected_versions": "All versions before 0.3.8",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-789",
"CWE-937"
],
"date": "2023-08-02",
"description": "### Impact\nThe storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following:\n```vyper\nowner: public(address)\ntake_up_some_space: public(uint256[10])\nbuffer: public(uint256[max_value(uint256)])\n\n@external\ndef initialize():\n self.owner = msg.sender\n\n@external\ndef foo(idx: uint256, data: uint256):\n self.buffer[idx] = data\n```\nPer @toonvanhove, \"An attacker can overwrite the owner variable by calling this contract with calldata: `0x04bc52f8 fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` (spaces inserted for readability)\n`0x04bc52f8` is the selector for `foo(uint256, uint256)`, and the last argument `fff...fff` is the new value for the owner variable.\"",
"fixed_versions": [
"0.3.8"
],
"identifier": "CVE-2023-30837",
"identifiers": [
"CVE-2023-30837",
"GHSA-mgv8-gggw-mrg6"
],
"not_impacted": "All versions starting from 0.3.8",
"package_slug": "pypi/vyper",
"pubdate": "2023-05-08",
"solution": "Upgrade to version 0.3.8 or above.",
"title": "vyper vulnerable to storage allocator overflow",
"urls": [
"https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6",
"https://github.com/advisories/GHSA-mgv8-gggw-mrg6"
],
"uuid": "49149fb3-364e-4ba7-85be-2da12488cea0"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.3.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-30837"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"
},
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-08-02T16:22Z",
"publishedDate": "2023-05-08T17:15Z"
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.