Lucene search
+L

676 matches found

Cvelist
Cvelist
added 2023/05/11 9:1 p.m.63 views

CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.6AI score0.00725EPSS
Exploits1References2
CVE
CVE
added 2023/05/11 9:1 p.m.63 views

CVE-2023-32059

The CVE-2023-32059 entry describes a vulnerability in Vyper (Pythonic smart contract language for EVM) prior to version 0.3.8. Root cause: internal calls with default arguments are compiled with incorrect ordering, causing defaults to be applied left-to-right instead of right-to-left, and in some...

7.5CVSS7.4AI score0.00725EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/05/11 9:1 p.m.37 views

CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.3AI score0.00725EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/05/11 8:55 p.m.7 views

CVE-2023-32058 Vyper vulnerable to integer overflow in loop

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

7.5CVSS7.6AI score0.00913EPSS
Exploits1References2
CVE
CVE
added 2023/05/11 8:55 p.m.71 views

CVE-2023-32058

CVE-2023-32058 affects the Vyper language (EVM smart contracts). Prior to version 0.3.8, there was a missing overflow check for loop variables when iterating with patterns like for i in range(a, a + N). This could cause the loop variable’s type to overflow. The issue appears specifically in for i...

7.5CVSS7.6AI score0.00913EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/05/11 8:55 p.m.55 views

CVE-2023-32058 Vyper vulnerable to integer overflow in loop

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

7.5CVSS7.8AI score0.00913EPSS
Exploits1References2
OSV
OSV
added 2023/05/11 8:55 p.m.32 views

CVE-2023-32058 Vyper vulnerable to integer overflow in loop

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

7.5CVSS7.5AI score0.00913EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/05/11 8:51 p.m.7 views

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

7.5CVSS9.3AI score0.01241EPSS
Exploits1References2
CVE
CVE
added 2023/05/11 8:51 p.m.59 views

CVE-2023-31146

Vyper prior to 0.3.8 is vulnerable to out-of-bounds access in codegen when a dynarray is on both the LHS and RHS of an assignment. The length word is written before the data, enabling OOB access and potential data corruption across call frames. The issue is fixed in version 0.3.8. Affected produc...

9.1CVSS8.5AI score0.01241EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/05/11 8:51 p.m.71 views

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

7.5CVSS9.5AI score0.01241EPSS
Exploits1References2
OSV
OSV
added 2023/05/11 8:51 p.m.32 views

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

7.5CVSS8.9AI score0.01241EPSS
Exploits1References4
Veracode
Veracode
added 2023/05/11 10:30 a.m.13 views

Buffer Overflow

Vyper is vulnerable to Buffer Overflow. The vulnerability exists because it fails to properly implement a storage allocator which won't overflow, allowing an attacker to cause a buffer overflow...

7.5CVSS6.4AI score0.00697EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.7 views

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.8, which stems from incorrectly compiled internal calls to default parameters...

7.5CVSS7.2AI score0.00725EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/11 12:0 a.m.5 views

PT-2023-23571 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue is due to a missing overflow check for loop variables in Vyper, a Pythonic smart contract language for the Ethereum virtual machine. By assigning the iterator of a loop to a variable, it is...

8.7CVSS7.3AI score0.00913EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/05/11 12:0 a.m.4 views

PT-2023-23179 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue occurs during codegen when the length word of a dynarray is written before the data. This can result in out-of-bounds array access when the dynarray is on both the lhs and rhs of an...

9.1CVSS7.2AI score0.01241EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.52 views

Vyper 输入验证错误漏洞

Vyper is the Pythonic smart contract language for EVM. An input validation error vulnerability exists in versions of Vyper prior to 0.3.8, which stems from a lack of overflow checking for cyclic variables...

7.5CVSS7.3AI score0.00913EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.32 views

Vyper 缓冲区错误漏洞

Vyper is the Pythonic smart contract language for EVM. A buffer error vulnerability exists in Vyper versions prior to 0.3.8. An attacker exploited the vulnerability to cause an array access out-of-bounds...

9.1CVSS8.5AI score0.01241EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/05/11 12:0 a.m.10 views

PT-2023-23572 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue concerns internal calls with default arguments in Vyper, a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, these calls are compiled incorrectly,...

8.7CVSS7.4AI score0.00725EPSS
Exploits1References8
NVD
NVD
added 2023/05/08 5:15 p.m.41 views

CVE-2023-30837

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...

7.5CVSS7.4AI score0.00697EPSS
Exploits1References2
PyPA
PyPA
added 2023/05/08 5:15 p.m.8 views

PYSEC-2023-76

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...

7.5CVSS6.8AI score0.00697EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder