Lucene search
+L

5 matches found

NVD
NVD
added 2024/03/21 2:52 a.m.11 views

CVE-2024-27094

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

7.4CVSS6.3AI score0.00763EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/02/29 8:9 p.m.7 views

@etherisc/gif-next (>=0.0.2-0a7d082-551 <=0.0.2-ff8087d-237), @ethsign/sign-protocol-evm (>=1.0.0 <=1.1.3) +9 more potentially affected by CVE-2024-27094 via @openzeppelin/contracts-upgradeable (>=5.0.0 <=5.0.1)

@openzeppelin/contracts-upgradeable NPM version =5.0.0, =0.0.2-0a7d082-551, =1.0.0, =2.5.5, =1.0.0, =1.0.0-beta-rc1, =0.0.1, =1.0.1, =0.1.0, =0.1.0-alpha.10 Source cves: CVE-2024-27094 Source advisory: OSV:GHSA-9VX6-7XXF-X967...

7.4CVSS6.5AI score0.00763EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/02/29 6:18 p.m.12 views

CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

6.5CVSS6.7AI score0.00763EPSS
Exploits0References5
CVE
CVE
added 2024/02/29 6:18 p.m.108 views

CVE-2024-27094

OpenZeppelin Contracts Base64.encode has a memory-read flaw when input length is not a multiple of 3, risking corruption of the encoded output. This affects OpenZeppelin Contracts (and upgradeable) prior to versions 5.0.2 and 4.9.6. Remediation: upgrade to 5.0.2 or 4.9.6. No exploit details are p...

7.4CVSS6.3AI score0.00763EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2024/02/29 6:18 p.m.21 views

CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

6.5CVSS6.5AI score0.00763EPSS
Exploits0References5
Rows per page
Query Builder