Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.7 views

CVE-2024-24560

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

5.3CVSS6.9AI score0.00526EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/02/02 6:10 p.m.7 views

2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24560 via vyper (>=0.1.0b12 <=0.3.9)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24560 Source advisory: OSV:GHSA-GP3W-2V2M-P686...

5.3CVSS6AI score0.00526EPSS
Exploits1
Cvelist
Cvelist
added 2024/02/02 4:19 p.m.33 views

CVE-2024-24560 Vyper external calls can overflow return data to return input buffer

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

3.7CVSS5.6AI score0.00526EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/02 4:19 p.m.31 views

CVE-2024-24560 Vyper external calls can overflow return data to return input buffer

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

3.7CVSS6.9AI score0.00526EPSS
Exploits1References1
CVE
CVE
added 2024/02/02 4:19 p.m.58 views

CVE-2024-24560

CVE-2024-24560 concerns Vyper’s handling of external calls, where the return buffer can overflow into the input buffer due to memory layout and the RETURNDATASIZE length check for dynamic types. The result can cause a contract to read malformed data from the input buffer instead of the intended r...

5.3CVSS5.3AI score0.00526EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder