Lucene search
GitHub_MCVELIST:CVE-2023-30837HistoryMay 08, 2023 - 4:03 p.m.
CVE-2023-30837 Vyper storage allocator overflow
2023-05-0816:03:06
CWE-789
GitHub_M
www.cve.org
vyper
storage allocator
overflow
pythonic smart contract
evm
allocation
0.3.8 fix
owner variable
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
29.5%
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
CNA Affected
[
{
"vendor": "vyperlang",
"product": "vyper",
"versions": [
{
"version": "< 0.3.8",
"status": "affected"
}
]
}
]Related
veracode
veracode
Buffer Overflow
2023-05-11 10:30:20
osv
osv
PYSEC-2023-76
2023-05-08 17:15:00
vyper vulnerable to storage allocator overflow
2023-05-05 22:22:23
CVE-2023-30837
2023-05-08 17:15:12
cve
cve
CVE-2023-30837
2023-05-08 17:15:12
prion
prion
Code injection
2023-05-08 17:15:00
github
github
vyper vulnerable to storage allocator overflow
2023-05-05 22:22:23
nvd
nvd
CVE-2023-30837
2023-05-08 17:15:12
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
29.5%
Related for CVELIST:CVE-2023-30837