📄 Squirrel Out-Of-Bounds Read

A vulnerability exists in the Squirrel engine's stack implementation due to missing bounds checking in the PopTarget function. When attempting to pop from an empty stack, the function reads from datasize - 1 index -1, causing a heap buffer underflow...

EUVD-2024-0174

Malicious code in bioql PyPI...

CVE-2024-24559

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

Improper Validation

vyper is vulnerable to Improper Validation. The vulnerability is caused due to a miscalculation in stack management during the compilation of the sha364 operation in the IR. This could allow an attacker to manipulate the input and exploit the error in stack management during compilation...

CVE-2024-24559

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

PYSEC-2024-147

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

CVE-2024-24559

CVE-2024-24559 : Vyper SHA3 codegen bug due to miscalculated height in IR for sha3_64. Can only be triggered with hand-written IR; not exposed by regular vyper code. Public advisories describe a low-impact issue, with a hand-written IR PoC and a patch patch (PR 4063) fixing the problem. Exploitat...

CVE-2024-24559 Vyper SHA3 code generation bug

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

CVE-2024-24559 Vyper SHA3 code generation bug

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

GHSA-6845-XW22-FFXV Vyper sha3 codegen bug

Summary There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand. That is, it cannot be triggered from regular vyper code, it can only be triggered by using the...

Vyper sha3 codegen bug

Summary There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand. That is, it cannot be triggered from regular vyper code, it can only be triggered by using the...

java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)

java-170-opendjk was updated to icedtea-2.3.3 bnc785814 Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties...