13 matches found
Out-of-bounds Read
Vyper is vulnerable to Out-of-bounds Read. The vulnerability is due to an excessively large value specified as the starting index for an array in `_abi_decode`, causing the read position to overflow. This can potentially lead to Information Disclosure or Denial of Service...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...
CVE-2024-26149 Vyper _abi_decode Memory Overflow
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...
CVE-2024-26149 Vyper _abi_decode Memory Overflow
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...
CVE-2024-26149 Vyper _abi_decode Memory Overflow
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...
GHSA-9P8R-4XP4-GW5W Vyper's `_abi_decode` vulnerable to Memory Overflow
Summary: If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to bugs in contracts that use arrays within `_abi_decode`. The...
Vyper's `_abi_decode` vulnerable to Memory Overflow
Summary: If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to bugs in contracts that use arrays within `_abi_decode`. The...
Incorrect Bounds Checking
Vyper is vulnerable to Incorrect Bounds Checking. The vulnerability is due to the lack of input validation when `_abi_decode` is nested in an expression. This allows for the construction of uses of `_abi_decode` that can bypass bounds checking, ultimately resulting in incorrect results...
CVE-2023-42460
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode` function does not validate input when it is nested in an expression. Uses of `_abi_decode` can be constructed which allow for bounds checking to be bypassed, resulting in incorrect results. This issue has not yet been fixed, but a...
Vyper's `_abi_decode` input not validated in complex expressions
Impact: `_abi_decode` does not validate input when it is nested in an expression. The following example is correctly validated (bounds checked): `x: int128 = _abi_decode(slice(msg.data, 4, 32), (int128))`. However, the following example is not bounds checked: `@external def abi_decode(x: uint256) -> uint25...`
CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode` function does not validate input when it is nested in an expression. Uses of `_abi_decode` can be constructed which allow for bounds checking to be bypassed, resulting in incorrect results. This issue has not yet been fixed, but a...
CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode` function does not validate input when it is nested in an expression. Uses of `_abi_decode` can be constructed which allow for bounds checking to be bypassed, resulting in incorrect results. This issue has not yet been fixed, but a...
CVE-2023-42460
CVE-2023-42460 affects Vyper (EVM Python-like language). The _abi_decode() function does not validate input when nested in an expression, enabling construction that bypasses bounds checking and may yield incorrect results. No exploitation details are provided in the documents, and the vulnerabili...