5 matches found
CVE-2022-24787
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
2vyper (=0.3.0), ape-vyper (>=0.7.1 <=0.8.3) +23 more potentially affected by CVE-2022-24787 via vyper (>=0.1.0b12 <=0.3.10)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =0.1.10 and more Source cves: CVE-2022-24787 Source advisory: OSV:GHSA-7VRM-3JC8-5WWM...
CVE-2022-24787
CVE-2022-24787 (Vyper) affects the Vyper language (Pythonic smart contract language for the EVM) in version 0.3.1 and earlier. The issue is that bytestrings can contain dirty bytes, causing word-for-word comparisons to yield incorrect results. Even without dirty nonzero bytes, two bytestrings may...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...