May 11, 2023 - 8:51 p.m.

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

2023-05-11 20:51:51
CWE-787
GitHub_M
www.cve.org
cve-2023-31146; vyper; pythonic smart contract; ethereum virtual machine; codegen; oob dynarray access; data corruption; call frames; data revert; version 0.3.8; patch

7.5 High (CVSS3)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 9.5 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.5%)

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before its data. When the same dynarray appears on both the left-hand side (LHS) and the right-hand side (RHS) of an assignment, the RHS is therefore bounds-checked against the new length rather than the old one, which can result in out-of-bounds array access. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.
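The ordering described above, modelled as an added Python example (constructed here; not Vyper's compiler code): a DynArray is a word buffer whose first word is the length, the pre-0.3.8 assignment stores the new length before evaluating the RHS, so an index that should revert passes the bounds check and reads a stale slot, while the fixed order evaluates the RHS against the old length first. The sentinel value and the element-by-element store are assumptions of the model.

```python
"""Constructed model of the DynArray assignment ordering bug (CVE-2023-31146).
Layout assumed: buf = [length, slot0, slot1, ...], capacity fixed at creation."""
from typing import Callable, List, Union


class Revert(Exception):
    """Stands in for an EVM revert on an out-of-bounds index."""


Expr = Callable[["DynArray"], int]


class DynArray:
    def __init__(self, capacity: int, items: List[int], fill: int = 0xDEAD) -> None:
        # Unused slots hold a sentinel so a stale read is visible (constructed).
        self.buf = [len(items)] + items + [fill] * (capacity - len(items))

    def __getitem__(self, i: int) -> int:
        # Bounds check against whatever the length word currently says.
        if i >= self.buf[0]:
            raise Revert(f"index {i} >= length {self.buf[0]}")
        return self.buf[1 + i]

    def assign_buggy(self, rhs: List[Expr]) -> List[int]:
        # Pre-0.3.8 order: the new length word is stored first, then each
        # RHS element is evaluated (reading through the new length) and stored.
        self.buf[0] = len(rhs)
        for i, expr in enumerate(rhs):
            self.buf[1 + i] = expr(self)
        return self.buf[1:1 + self.buf[0]]

    def assign_fixed(self, rhs: List[Expr]) -> List[int]:
        # Fixed order: evaluate the whole RHS against the old length word into
        # a temporary, and only then store the length and the data.
        tmp = [expr(self) for expr in rhs]
        self.buf[0] = len(tmp)
        self.buf[1:1 + len(tmp)] = tmp
        return list(tmp)


def demo(fixed: bool) -> Union[List[int], str]:
    # Models: x: DynArray[uint256, 3] = [7]; then x = [x[0], x[1]]
    # x[1] is out of bounds for the old length 1 and should revert.
    x = DynArray(3, [7])
    rhs: List[Expr] = [lambda a: a[0], lambda a: a[1]]
    try:
        return x.assign_fixed(rhs) if fixed else x.assign_buggy(rhs)
    except Revert as e:
        return str(e)
```

With the buggy order the assignment completes and the second element is the sentinel from an unused slot; with the fixed order the same statement reverts.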

CNA Affected

[
  {
    "vendor": "vyperlang",
    "product": "vyper",
    "versions": [
      {
        "version": "< 0.3.8",
        "status": "affected"
      }
    ]
  }
]
