PYSEC-2024-149

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice function uses a non-literal argument for the start ...

2vyper (=0.3.0), ape-vyper (>=0.7.1 <=0.8.3) +23 more potentially affected by CVE-2022-24787 via vyper (>=0.1.0b12 <=0.3.10)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =0.1.10 and more Source cves: CVE-2022-24787 Source advisory: OSV:GHSA-7VRM-3JC8-5WWM...