5 matches found
CVE-2024-32649
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in a double eval vulnerability when the argument has side-effects. It can be seen that the build_IR function of the sqrt builtin doesn't cache the argument to...
CVE-2024-32649
Vyper CVE-2024-32649 affects versions 0.3.10 and earlier, where the sqrt builtin’s build_IR does not cache its argument, allowing potential double evaluation when the argument has side-effects. The affected component is the sqrt builtin in Vyper’s IR generation, leading to multiple evaluations of...
CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the _build_create_IR function of t...
CVE-2024-32647
Vyper vulnerability CVE-2024-32647 concerns the create_from_blueprint builtin prior to version 0.3.11. The root cause is that the _build_create_IR path does not cache the args parameter on the stack when raw_args=True and args have side-effects, allowing the argument to be evaluated multiple time...
CVE-2024-32646
Vyper CVE-2024-32646 affects the Pythonic smart contract language. The vulnerability concerns the builtin slice when the buffer is msg.data, self.code, or .code and either the start or length has side-effects, causing a double evaluation of those side-effects. It is triggerable only in versions e...