7 matches found
GHSA-8PFH-J44R-F654 Cosmos EVM Vulnerability
Patches Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade. Workarounds No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended. Testing...
EUVD-2018-0118
Malware in sbrugna...
CVE-2025-27105 AugAssign evaluation order causing OOB write within the object in Vyper
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...
eth-utils (>=0.1.1 <=0.2.0), evm-network (>=0.11.0 <=0.11.0-beta.3) +31 more potentially affected by CVE-2022-39354 via evm (>=0.11.1 <=0.33.1)
evm CARGO version =0.11.1, =0.1.1, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =1.0.0, =1.0.0, =2.1.0 - fp-storage =1.0.0 and more Source cves: CVE-2022-39354 Source advisory: OSV:RUSTSEC-2022-0083...
Py-EVM is vulnerable to arbitrary bytecode injection
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...
Design/Logic Flaw
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...
PYSEC-2018-155
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...