5 matches found
CVE-2024-27094
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
@etherisc/gif-next (>=0.0.2-0a7d082-551 <=0.0.2-ff8087d-237), @ethsign/sign-protocol-evm (>=1.0.0 <=1.1.3) +9 more potentially affected by CVE-2024-27094 via @openzeppelin/contracts-upgradeable (>=5.0.0 <=5.0.1)
@openzeppelin/contracts-upgradeable NPM version =5.0.0, =0.0.2-0a7d082-551, =1.0.0, =2.5.5, =1.0.0, =1.0.0-beta-rc1, =0.0.1, =1.0.1, =0.1.0, =0.1.0-alpha.10 Source cves: CVE-2024-27094 Source advisory: OSV:GHSA-9VX6-7XXF-X967...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
CVE-2024-27094
OpenZeppelin Contracts Base64.encode has a memory-read flaw when input length is not a multiple of 3, risking corruption of the encoded output. This affects OpenZeppelin Contracts (and upgradeable) prior to versions 5.0.2 and 4.9.6. Remediation: upgrade to 5.0.2 or 4.9.6. No exploit details are p...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...