3 matches found
CVE-2024-24559
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...
CVE-2024-24559
CVE-2024-24559 : Vyper SHA3 codegen bug due to miscalculated height in IR for sha3_64. Can only be triggered with hand-written IR; not exposed by regular vyper code. Public advisories describe a low-impact issue, with a hand-written IR PoC and a patch patch (PR 4063) fixing the problem. Exploitat...
CVE-2024-24559
creationtimestamp| type| source ---|---|--- 2024-02-05 17:52:56+00:00| published-proof-of-concept| https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv 2024-02-05 22:32:00+00:00| seen| https://t.me/ctinow/179548 2024-02-29 12:56:58+00:00| seen| https://t.me/ctinow/196596...