pysec-2024-205
Vulnerability from pysec
Published
2024-02-26 20:19
Modified
2025-01-19 19:19
Severity ?
Details
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32(b, start)
, if the start
index provided has for side effect to update b
, the byte array to extract 32
bytes from, it could be that some dirty memory is read and returned by extract32
. This vulnerability is fixed in 0.4.0.
Aliases
{ affected: [ { package: { ecosystem: "PyPI", name: "vyper", purl: "pkg:pypi/vyper", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "3d9c537142fb99b2672f21e2057f5f202cde194f", }, ], repo: "https://github.com/vyperlang/vyper", type: "GIT", }, { events: [ { introduced: "0", }, { fixed: "0.4.0", }, ], type: "ECOSYSTEM", }, ], versions: [ "0.1.0b1", "0.1.0b10", "0.1.0b11", "0.1.0b12", "0.1.0b13", "0.1.0b14", "0.1.0b15", "0.1.0b16", "0.1.0b17", "0.1.0b2", "0.1.0b3", "0.1.0b4", "0.1.0b5", "0.1.0b6", "0.1.0b7", "0.1.0b8", "0.1.0b9", "0.2.1", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.3.0", "0.3.1", "0.3.10", "0.3.10rc1", "0.3.10rc2", "0.3.10rc3", "0.3.10rc4", "0.3.10rc5", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.4.0b1", "0.4.0b2", "0.4.0b3", "0.4.0b4", "0.4.0b5", "0.4.0b6", "0.4.0rc1", "0.4.0rc2", "0.4.0rc3", "0.4.0rc4", "0.4.0rc5", "0.4.0rc6", ], }, ], aliases: [ "CVE-2024-24564", ], details: "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0.", id: "PYSEC-2024-205", modified: "2025-01-19T19:19:01.519824+00:00", published: "2024-02-26T20:19:05+00:00", references: [ { type: "ADVISORY", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", }, { type: "EVIDENCE", url: "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx", }, { type: "FIX", url: "https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f", }, ], related: [ "GHSA-4hwq-4cpm-8vmx", "GHSA-4hwq-4cpm-8vmx", ], severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.