Lucene search
K

226 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/28 4:40 p.m.4 views

Malicious code in side-effects-package (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82b6dc5cf513223d6d09a04e6a0a1291c7ac2be14c46381e61d023f39c00b8c2 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/06/28 4:40 p.m.4 views

MAL-2025-5307 Malicious code in side-effects-package (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82b6dc5cf513223d6d09a04e6a0a1291c7ac2be14c46381e61d023f39c00b8c2 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.4 views

CVE-2024-32647

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

5.3CVSS7AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:15 a.m.6 views

CVE-2023-41052

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5.3CVSS6.8AI score0.00455EPSS
Exploits1
OSV
OSV
added 2025/05/16 2:13 p.m.7 views

GHSA-3VCG-J39X-CWFM Vyper's `slice()` may elide side-effects when output length is 0

Impact the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. the reason is that for these source locations, the check that length = 1 is skipped:...

6.3CVSS6.6AI score0.00384EPSS
Exploits0References6
Snyk
Snyk
added 2025/05/16 2:13 p.m.3 views

Insufficient Control Flow Management

Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Insufficient Control Flow Management through the slice function. An attacker can bypass the evaluation of side effects in the start argument when the length argument is set to 0,...

6.3CVSS6.9AI score0.00384EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/05/16 2:13 p.m.18 views

Vyper's `slice()` may elide side-effects when output length is 0

Impact the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. the reason is that for these source locations, the check that length = 1 is skipped:...

6.3CVSS6.7AI score0.00384EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2025/05/16 2:10 p.m.4 views

Insufficient Control Flow Management

Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Insufficient Control Flow Management through optimization in the concat function. An attacker can skip evaluation of side effects when the length of an argument provided to the...

6.3CVSS6.9AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2025/05/16 2:10 p.m.4 views

GHSA-QHR6-MGQR-MCHM Vyper's `concat()` builtin may elide side-effects for zero-length arguments

Impact concat may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:...

6.3CVSS6.8AI score0.00371EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/16 2:10 p.m.13 views

Vyper's `concat()` builtin may elide side-effects for zero-length arguments

Impact concat may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:...

6.3CVSS6.8AI score0.00371EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/05/15 6:15 p.m.22 views

CVE-2025-47285

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...

6.3CVSS0.00371EPSS
Exploits0References3
NVD
NVD
added 2025/05/15 6:15 p.m.36 views

CVE-2025-47774

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

6.3CVSS0.00384EPSS
Exploits0References4
OSV
OSV
added 2025/05/15 5:38 p.m.3 views

CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

6.3CVSS6.7AI score0.00384EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/05/15 5:38 p.m.19 views

CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

6.3CVSS0.00384EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/15 5:38 p.m.22 views

CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

6.3CVSS7.1AI score0.00384EPSS
Exploits0References4
CVE
CVE
added 2025/05/15 5:38 p.m.44 views

CVE-2025-47774

CVE-2025-47774 relates to Vyper (Pythonic language for the EVM). The issue affects Vyper versions up to and including 0.4.2rc1 where slice() can elide side effects when length is 0 for certain source bytestrings (e.g., msg.data or .code). The root cause is that the length >= 1 check is skipped...

6.3CVSS6.5AI score0.00384EPSS
Exploits0References4
OSV
OSV
added 2025/05/15 5:24 p.m.5 views

CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...

6.3CVSS6.9AI score0.00371EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/15 5:24 p.m.25 views

CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...

6.3CVSS0.00371EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/15 5:24 p.m.9 views

CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...

6.3CVSS7.2AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 2025/05/15 5:24 p.m.38 views

CVE-2025-47285

CVE-2025-47285 affects Vyper up to and including 0.4.2rc1, where the built-in concat() may skip evaluation of side effects when an argument has zero length due to a fastpath in the implementation. The issue arises because argument expressions with zero length may bypass evaluation, which could su...

6.3CVSS6.6AI score0.00371EPSS
Exploits0References3
Rows per page
Query Builder