229 matches found
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Impact concat may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:...
GHSA-QHR6-MGQR-MCHM Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Impact concat may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285
CVE-2025-47285 affects Vyper up to and including 0.4.2rc1, where the built-in concat() may skip evaluation of side effects when an argument has zero length due to a fastpath in the implementation. The issue arises because argument expressions with zero length may bypass evaluation, which could su...
PT-2025-21347
Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1 Description: The issue arises from the concat function potentially skipping the evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation tha...
Vyper 安全漏洞
Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.2rc1 and earlier versions, which stems from concat potentially skipping side-effect evaluation when the parameter length is zero...
Security update for sqlite3
This update for sqlite3 fixes the following issues: CVE-2025-29087: Fixed integer overflow in sqlite concat function bsc1241020 CVE-2025-29088: Fixed integer overflow through the SQLITEDBCONFIGLOOKASIDE component bsc1241078 Other fixes: Updated to version 3.49.1 from Factory jscSLE-16032 Patch...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the concat function. An attacker can trigger an integer overflow by supplying input with an excessive number of separators and arguments. Note: This vulnerability has also been published as CVE-2025-327...
BIT-SQLITE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
CVE-2025-29087
A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concatws function. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the concat function. An attacker can trigger an integer overflow by supplying input with an excessive number of separators and arguments. Note: This vulnerability has also been published as CVE-2025-327...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
SQLite 安全漏洞
SQLite is a lightweight database from the SQLite open source, a relational database management system that adheres to ACID. A security vulnerability exists in SQLite version 3.49.0, which stems from a concat function that could lead to an integer overflow...
CVE-2025-29087
CVE-2025-29087 concerns SQLite: concat_ws() can write beyond the end of a malloc’d buffer in versions 3.44.0–3.49.0 when a large, attacker-controlled separator is supplied, triggering an integer overflow while sizing the result buffer. This may lead to memory corruption or a crash. A fix is avail...
PT-2025-15279
Name of the Vulnerable Software and Affected Versions Sqlite version 3.49.0 Description The issue is related to an integer overflow in the concat function. Recommendations For Sqlite version 3.49.0, at the moment, there is no information about a newer version that contains a fix for this...