Lucene search
+L

13 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:41 a.m.9 views

CVE-2024-24564

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...

5.3CVSS6.6AI score0.00561EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/23 10:25 p.m.24 views

CVE-2025-26622

A flaw was found in Vyper’s sqrt builtin function. This vulnerability allows incorrect rounding of square root calculations via improper handling of oscillating final states in the Babylonian method. Mitigation Mitigation for this issue is either not available or the currently available options d...

7.5CVSS7.4AI score0.00302EPSS
Exploits0References5
CVE
CVE
added 2024/04/25 5:41 p.m.69 views

CVE-2024-32647

Vyper vulnerability CVE-2024-32647 concerns the create_from_blueprint builtin prior to version 0.3.11. The root cause is that the _build_create_IR path does not cache the args parameter on the stack when raw_args=True and args have side-effects, allowing the argument to be evaluated multiple time...

5.3CVSS6.8AI score0.00451EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/04/25 5:18 p.m.40 views

CVE-2024-32645 vyper performs incorrect topic logging in raw_log

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when rawlog builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...

5.3CVSS5.6AI score0.00451EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/25 5:0 p.m.15 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form rangestart, start + N, if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

5.3CVSS6.9AI score0.00791EPSS
Exploits1References4
NVD
NVD
added 2024/02/26 8:19 p.m.40 views

CVE-2024-26149

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...

5.3CVSS4AI score0.00542EPSS
Exploits1References1
OSV
OSV
added 2024/02/26 8:19 p.m.74 views

PYSEC-2024-164

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...

5.3CVSS5.1AI score0.00542EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/02/26 8:16 p.m.37 views

CVE-2024-24564 Vyper extract32 can ready dirty memory

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...

3.7CVSS4.4AI score0.00561EPSS
Exploits1References2
NVD
NVD
added 2024/02/07 5:15 p.m.44 views

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

9.8CVSS9.3AI score0.01539EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/02/05 9:4 p.m.58 views

CVE-2024-24559 Vyper SHA3 code generation bug

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

3.7CVSS5.6AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 2022/04/13 10:15 p.m.22 views

CVE-2022-24845

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of .returnsint128 is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0,...

9.8CVSS0.01377EPSS
Exploits1References2
Prion
Prion
added 2022/04/13 7:15 p.m.19 views

Buffer overflow

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

7.5CVSS9.5AI score0.00948EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/04/04 6:15 p.m.56 views

CVE-2022-24787

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...

7.5CVSS0.0097EPSS
Exploits0References2
Rows per page
Query Builder