Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called record_external_operation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
7.5CVSS
7.3AI Score
0.001EPSS
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context (via STATICCALL), and thus decide if stateful operations should be done. Prior to version 0.36.0,.....
7.5CVSS
7.4AI Score
0.001EPSS
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate < 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is ...
9.8CVSS
9.5AI Score
0.002EPSS
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...
6.5CVSS
6.4AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified...
6.1CVSS
6AI Score
0.001EPSS
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed.....
8.8CVSS
8.6AI Score
0.01EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery...
8AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allow remote attackers to inject arbitrary web script or HTML via (1) a delivery address and possibly (2) a...
6.3AI Score
0.002EPSS