3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
When using the built-in extract32(b, start)
, if the start
index provided has for side effect to update b
, the byte array to extract 32
bytes from, it could be that some dirty memory is read and returned by extract32
.
Before evaluating start
, the function Extract32.build_IR
caches only:
b
: https://github.com/vyperlang/vyper/blob/10564dcc37756f3d3684b7a91fd8f4325a38c4d8/vyper/builtins/functions.py#L916-L918b
: https://github.com/vyperlang/vyper/blob/10564dcc37756f3d3684b7a91fd8f4325a38c4d8/vyper/builtins/functions.py#L920-L922but do not cache the actual content of b
. This means that if the evaluation of start
changes b
’s content and length, an outdated length will be used with the new content when extracting 32 bytes from b
.
Calling the function foo
of the following contract returns b'uuuuuuuuuuuuuuuuuuuuuuuuuuu\x00\x00789'
meaning that extract32
accessed some dirty memory.
var:Bytes[96]
@internal
def bar() -> uint256:
self.var = b'uuuuuuuuuuuuuuuuuuuuuuuuuuuuuu'
self.var = b''
return 3
@external
def foo() -> bytes32:
self.var = b'abcdefghijklmnopqrstuvwxyz123456789'
return extract32(self.var, self.bar(), output_type=bytes32)
# returns b'uuuuuuuuuuuuuuuuuuuuuuuuuuu\x00\x00789'
For contracts that are affected, it means that calling extract32
returns dirty memory bytes instead of some expected output.
github.com/advisories/GHSA-4hwq-4cpm-8vmx
github.com/vyperlang/vyper/blob/10564dcc37756f3d3684b7a91fd8f4325a38c4d8/vyper/builtins/functions.py#L916-L918
github.com/vyperlang/vyper/blob/10564dcc37756f3d3684b7a91fd8f4325a38c4d8/vyper/builtins/functions.py#L920-L922
github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx
nvd.nist.gov/vuln/detail/CVE-2024-24564
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%