169 matches found
EUVD-2025-21789
Malicious code in bioql PyPI...
EUVD-2022-6647
Malicious code in bioql PyPI...
EUVD-2023-1247
Malicious code in bioql PyPI...
EUVD-2023-2289
Malicious code in bioql PyPI...
EUVD-2024-0602
Malicious code in bioql PyPI...
EUVD-2022-6503
Malicious code in bioql PyPI...
MAL-2025-41588 Malicious code in openzeppelin-contracts-5.0.2 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in openzeppelin-contracts-5.0.2 (npm)
--- -= Per source details. Do not edit below this line.=-...
Out-of-bounds Read
@openzeppelin/contracts and @openzeppelin/contracts-upgradeable are vulnerable to Out-of-bounds Read. The vulnerability is due to improper bounds checking caused by the lastIndexOf function in Bytes.sol accessing uninitialized memory when given an empty buffer and a non-maximum position,...
CVE-2025-54070
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...
CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...
CVE-2025-54070
OpenZeppelin Contracts (Bytes.sol) lastIndexOf(bytes, byte, uint256) is vulnerable in versions prior to 5.4.0 when the input buffer is empty (buffer.length == 0) and pos != type(uint256).max. In this scenario, the function may access uninitialized memory at buffer + 0x20 + pos, potentially return...
CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...
CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...
PT-2025-29948 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 5.2.0 through 5.3.9 Description: The lastIndexOfbytes,byte,uint256 function within the Bytes.sol library may access uninitialized memory under specific conditions. This occurs when the provided buffer length is...
OpenZeppelin Contracts 缓冲区错误漏洞
OpenZeppelin Contracts is a secure smart contract development library open-sourced by OpenZeppelin. A buffer error vulnerability exists in OpenZeppelin Contracts versions prior to 5.4.0, which stems from the lastIndexOf function potentially accessing uninitialized memory, potentially resulting in...
CVE-2024-27094
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
CVE-2023-30542
OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...
CVE-2023-26488
OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the...
CVE-2023-30541
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...