16 matches found
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mchp_ipc_get_cluster_aggr_irq function in mchp-ipc-sbi. This function uses a hartid index on a...
EUVD-2018-12978
Malware in sbrugna...
Vulnerability fixed in IBM Tivoli Monitoring
IBM has fixed a vulnerability in IBM Tivoli Monitoring version 6.3.0.7 through Service Pack 19. The vulnerability is in the improper validation of an index within a dynamically allocated array. This issue could allow a malicious person to execute arbitrary code on affected systems. IBM has releas...
GHSA-4W26-8P97-F4JP AugAssign evaluation order causing OOB write within the object in Vyper
Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write...
PYSEC-2025-31
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated),...
CVE-2023-40015 Vyper: reversed order of side effects for some operations
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated),...
GHSA-G2XH-C426-V8MF Vyper: reversed order of side effects for some operations
Impact For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. - unsafe_add - unsafe_sub - unsafe_mul - unsafe_div - pow_mod256 - |, &, ^ (bitwise operators) - bitwise_or (deprecated) - bitwise_and (deprecated) - bitwisex...
The getMaxTreeBrackets function does not handle the case when the suffixes array cannot be created due to memory constraints.
Lines of code Vulnerability details Impact If MaxTreeHeight is set to a very large value, such as 10^9, and twoSubstringLength is also set to a large value, such as 100, then the suffixes array would require 10^9 * 100 bytes of memory to be created. If the contract does not have that much memory...
removeAddress doesn't decrease the contracts.length
Lines of code Vulnerability details Impact The contracts length will always increase because the removeAddress function just deletes the value inside the array and never decreases the length by calling the pop method. This can lead to DoS when calling functions that loop over contracts storage:...
ClearingHouse looping over dynamic array might result in a DOS because of the block gas limit
Lines of code Vulnerability details Impact Inside the ClearingHouse contract there are multiple instances where it loops over the dynamic amms array. There is no way to loop over a subset of the array or to continue from where you left off. Thus, if the array is large enough certain functions won't be...
Looping over dynamic array might result in DoS through the block gas limit
Handle Ruhum Vulnerability details Impact Because of the block gas limit, looping over a dynamic array that grows over time might result in a DoS at some point. Both the PoolTemplate and the IndexTemplate have such dynamic arrays. Both don't have any functionality to decrease the size. Meaning, i...
CVE-2018-20421
Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] =...
CVE-2018-20421
Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] =...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-0158)
A Use-After-Free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way VBScript engine manipulates the assignment of dynamic-array variables. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
fetchmail -- crash when bouncing a message
Matthias Andree reports: Fetchmail contains a bug that causes itself to crash when bouncing a message to the originator or to the local postmaster. The crash happens after the bounce message has been sent, when fetchmail tries to free the dynamic array of failed addresses, and calls the free...