Lucene search

CVE-2023-32059

🗓️ 11 May 2023 22:11:15Reported by GitHub_MType

Vyper smart contract language for Ethereum VM, prior to 0.3.8, incorrectly compiles internal calls with default args, causing typechecking bypass. Patched in 0.3.8

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Vulnrichment	CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls	11 May 202321:01	–	vulnrichment
Veracode	Improper Access Control	31 May 202308:35	–	veracode
OSV	Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls	12 May 202320:21	–	osv
OSV	PYSEC-2023-79	11 May 202322:15	–	osv
OSV	CVE-2023-32059	11 May 202322:15	–	osv
Github Security Blog	Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls	12 May 202320:21	–	github
Prion	Design/Logic Flaw	11 May 202322:15	–	prion
NVD	CVE-2023-32059	11 May 202322:15	–	nvd
Cvelist	CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls	11 May 202321:01	–	cvelist

Nvd

Vulners

Node

vyperlang vyperRange<0.3.8

[
  {
    "vendor": "vyperlang",
    "product": "vyper",
    "versions": [
      {
        "version": "< 0.3.8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g
github	www.github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 May 2023 22:15Current

7.4High risk

Vulners AI Score7.4

CVSS37.5

EPSS0.00064

SSVC

CWE-683