47 matches found
CVE-2023-31146
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...
EUVD-2021-0459
Malware in sbrugna...
EUVD-2023-0268
Malicious code in bioql PyPI...
EUVD-2024-1269
Malicious code in bioql PyPI...
EUVD-2023-0273
Malicious code in bioql PyPI...
EUVD-2024-0174
Malicious code in bioql PyPI...
EUVD-2023-0275
Malicious code in bioql PyPI...
EUVD-2023-0269
Malicious code in bioql PyPI...
EUVD-2023-0274
Malicious code in bioql PyPI...
EUVD-2022-0354
Malicious code in bioql PyPI...
EUVD-2024-0179
Malicious code in bioql PyPI...
EUVD-2024-0182
Malicious code in bioql PyPI...
EUVD-2024-0175
Malicious code in bioql PyPI...
EUVD-2023-0276
Malicious code in bioql PyPI...
EUVD-2023-0271
Malicious code in bioql PyPI...
EUVD-2022-0353
Malicious code in bioql PyPI...
CVE-2024-24564
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...
CVE-2024-24560
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...
CVE-2023-41052
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
CVE-2023-42460
Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...