Lucene search

GoogleOSV:CVE-2023-30837

HistoryMay 08, 2023 - 5:15 p.m.

CVE-2023-30837

2023-05-0817:15:12

Google

osv.dev

vyper

smart contract

storage overflow

vulnerability

fixed

version 0.3.8

evm

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.5%

JSON

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

CPENameOperatorVersion
vypereq0.2.12
vypereq0.1.0-beta.12
vypereq0.2.8
vypereq0.2.14
vypereq0.3.3
vypereq0.1.0-beta.17
vypereq0.2.0
vypereq0.1.0-beta.15
vypereq0.1.0-beta.2
vypereq0.3.4

Name	Operator	Version
vyper	eq	0.2.12
vyper	eq	0.1.0-beta.12
vyper	eq	0.2.8
vyper	eq	0.2.14
vyper	eq	0.3.3
vyper	eq	0.1.0-beta.17
vyper	eq	0.2.0
vyper	eq	0.1.0-beta.15
vyper	eq	0.1.0-beta.2
vyper	eq	0.3.4

Rows per page:

1-10 of 441

References

github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb

github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for OSV:CVE-2023-30837