5 matches found
CVE-2024-24560
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24560 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24560 Source advisory: OSV:GHSA-GP3W-2V2M-P686...
CVE-2024-24560 Vyper external calls can overflow return data to return input buffer
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...
CVE-2024-24560 Vyper external calls can overflow return data to return input buffer
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...
CVE-2024-24560
CVE-2024-24560 concerns Vyper’s handling of external calls, where the return buffer can overflow into the input buffer due to memory layout and the RETURNDATASIZE length check for dynamic types. The result can cause a contract to read malformed data from the input buffer instead of the intended r...