7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
42.9%
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type for i in range(a, a + N)
as in loops of type for i in range(start, stop)
and for i in range(stop)
, the compiler is able to raise a TypeMismatch
when trying to overflow the variable. The problem has been patched in version 0.3.8.
[
{
"vendor": "vyperlang",
"product": "vyper",
"versions": [
{
"version": "< 0.3.8",
"status": "affected"
}
]
}
]