3 matches found
CVE-2024-22419 concat built-in can corrupt memory in vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...
GHSA-VQGP-4JGJ-5J64 Py-EVM is vulnerable to arbitrary bytecode injection
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...
Py-EVM Denial of Service Vulnerability
Py-EVM is a Python-based implementation of an Ethernet virtual machine. A denial of service vulnerability exists in Py-EVM version 0.2.0-alpha.33, which can be exploited by an attacker to cause a denial of service...