3 matches found
2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2024-24563 via vyper (>=0.1.0b12 <=0.4.0)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2024-24563 Source advisory: OSV:PYSEC-2024-150...
CVE-2024-24563
CVE-2024-24563 affects Vyper, where arrays can be indexed by signed integers even though defined for unsigned indices. The typechecker permits signed integers as array indexes, and with very large arrays, bounds checks can pass for negative values, leading to potential unpredictable behavior, acc...
CVE-2024-24563
creationtimestamp| type| source ---|---|--- 2024-02-07 15:57:07+00:00| published-proof-of-concept| https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2 2024-02-07 18:32:26+00:00| seen| https://t.me/ctinow/180884 2024-02-15 08:17:12+00:00| seen| https://t.me/ctinow/185330...