Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2025/07/17 9:19 p.m.9 views

@1inch/delegating (=2.0.0), @1inch/farming (=4.0.0) +31 more potentially affected by CVE-2025-54070 via @openzeppelin/contracts (>=5.2.0 <=5.3.0)

@openzeppelin/contracts NPM version =5.2.0, =1.0.0-alpha.9, =0.0.4, =1.0.0, =0.1.0, =0.4.27, =0.3.0, =0.5.3, =7.9.0-main3c5a2f8, =7.9.0-maine3c28f1, =7.9.0-main01f77d70, =7.9.0-mainc91b9b3, =7.9.0-main163e291, =7.9.0-main0cdac11, =8.0.9-prffd008c and more Source cves: CVE-2025-54070 Source...

6.9CVSS5.7AI score0.00334EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/17 9:19 p.m.16 views

@originalworks/protocol-core-contracts (>=0.0.4 <=0.0.8), @pendle/boros-core (>=1.0.0 <=1.0.6) +13 more potentially affected by CVE-2025-54070 via @openzeppelin/contracts-upgradeable (>=5.2.0 <=5.3.0)

@openzeppelin/contracts-upgradeable NPM version =5.2.0, =0.0.4, =1.0.0, =0.1.0, =0.4.27, =0.3.0, =0.5.3, =7.9.0-maine3c28f1, =3.0.0, =1.0.0-alpha.1, =0.3.0, =0.3.0, =0.3.2, =0.1.0, =0.1.0, =0.2.0, =0.3.2 Source cves: CVE-2025-54070 Source advisory: OSV:GHSA-9RCW-C2F9-2J55...

6.9CVSS5.7AI score0.00334EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/07/17 6:25 p.m.6 views

CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

6.9CVSS7.6AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/17 6:25 p.m.12 views

CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

6.9CVSS0.00334EPSS
Exploits0References2
OSV
OSV
added 2025/07/17 6:25 p.m.8 views

CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

6.9CVSS7AI score0.00334EPSS
Exploits0References4
Rows per page
Query Builder