9 matches found
CVE-2026-23157
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages BUG There is an internal report that over 1000 processes are waiting at the ioscheduletimeout of balancedirtypages, causing a system hang and trigger...
CVE-2026-23157
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages BUG There is an internal report that over 1000 processes are waiting at the ioscheduletimeout of balancedirtypages, causing a system hang and trigger...
CVE-2024-24564
Vyper CVE-2024-24564 describes a memory-safety issue with extract32(b, start): if the start argument can mutate b, extracting 32 bytes may read and return dirty memory. The defect affects older Vyper versions (e.g., 0.3.10 and earlier) and is fixed in 0.4.0. Red Hat and other sources list the sam...
CVE-2024-24564 Vyper extract32 can ready dirty memory
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...
GHSA-4HWQ-4CPM-8VMX Vyper's `extract32` can ready dirty memory
Summary When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. As of v0.4.0 specifically, commit...
Vyper's `extract32` can ready dirty memory
Summary When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. As of v0.4.0 specifically, commit...
PT-2024-20455 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.4.0 Description: The issue arises when using the built-in extract32b, start function in Vyper, a pythonic Smart Contract Language for the Ethereum virtual machine. If the start index provided has a side effect that...
Vyper Security Vulnerability
Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from the fact that extract32 may read and return some dirty memory when using the built-in index...
Not cleaning scratch space/memory after delegatecalls leads to the caller to work with "dirty" memory
Lines of code Vulnerability details Impact NOTE - the link above is just the most critical example, the issue affects many functions in the libraries in scope Calls to deployed libraries are done via delegatecalls, so the storage AND MEMORY context in the library is the one of the caller. Sometim...