7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.8%
Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode()
function does not validate input when it is nested in an expression. Uses of _abi_decode()
can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release 0.3.10
. Users are advised to reference pull request #3626.
[
{
"vendor": "vyperlang",
"product": "vyper",
"versions": [
{
"version": ">= 0.3.4, < 0.3.10",
"status": "affected"
}
]
}
]