2 matches found
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-37902 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-37902 Source advisory: OSV:PYSEC-2023-133...
CVE-2023-37902
Vyper (Pythonic language for the EVM) has a vulnerability in the ecrecover precompile prior to version 0.3.10, where the output buffer may contain undefined data if a signature does not verify. The ecrecover builtin can still return memory contents at address 0, potentially causing a signature ch...