11 matches found
EUVD-2025-4283
Malicious code in bioql PyPI...
CVE-2024-35229
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2025-27105 AugAssign evaluation order causing OOB write within the object in Vyper
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...
GHSA-4VC8-PG5C-VG4X Keycloak's improper input validation allows using email as username
Keycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails...
CVE-2024-35229
CVE-2024-35229 concerns ZKSync Era (Matter Labs) prior to v1.3.10. A bug in the evaluation order of Yul function arguments is triggered by the pattern f(a(),b()); check_if_a_executed_last(), exposing a vulnerability in how arguments are evaluated. The issue has been fixed in v1.3.10. Affected dep...
CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2023-41052
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
PYSEC-2023-168
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
CVE-2023-41052 Vyper: incorrect order of evaluation of side effects for some builtins
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
Vyper Security Vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper version 0.3.9 and earlier versions, which stems from the fact that the order in which the parameters of the built-in functions "uint256addmod", "uint256mulmod", "ecadd" and "ecmul" are evaluated does n...