676 matches found
CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...
CVE-2023-32059
The CVE-2023-32059 entry describes a vulnerability in Vyper (Pythonic smart contract language for EVM) prior to version 0.3.8. Root cause: internal calls with default arguments are compiled with incorrect ordering, causing defaults to be applied left-to-right instead of right-to-left, and in some...
CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...
CVE-2023-32058 Vyper vulnerable to integer overflow in loop
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...
CVE-2023-32058
CVE-2023-32058 affects the Vyper language (EVM smart contracts). Prior to version 0.3.8, there was a missing overflow check for loop variables when iterating with patterns like for i in range(a, a + N). This could cause the loop variable’s type to overflow. The issue appears specifically in for i...
CVE-2023-32058 Vyper vulnerable to integer overflow in loop
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...
CVE-2023-32058 Vyper vulnerable to integer overflow in loop
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...
CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...
CVE-2023-31146
Vyper prior to 0.3.8 is vulnerable to out-of-bounds access in codegen when a dynarray is on both the LHS and RHS of an assignment. The length word is written before the data, enabling OOB access and potential data corruption across call frames. The issue is fixed in version 0.3.8. Affected produc...
CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...
CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...
Buffer Overflow
Vyper is vulnerable to Buffer Overflow. The vulnerability exists because it fails to properly implement a storage allocator which won't overflow, allowing an attacker to cause a buffer overflow...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.8, which stems from incorrectly compiled internal calls to default parameters...
PT-2023-23571 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue is due to a missing overflow check for loop variables in Vyper, a Pythonic smart contract language for the Ethereum virtual machine. By assigning the iterator of a loop to a variable, it is...
PT-2023-23179 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue occurs during codegen when the length word of a dynarray is written before the data. This can result in out-of-bounds array access when the dynarray is on both the lhs and rhs of an...
Vyper 输入验证错误漏洞
Vyper is the Pythonic smart contract language for EVM. An input validation error vulnerability exists in versions of Vyper prior to 0.3.8, which stems from a lack of overflow checking for cyclic variables...
Vyper 缓冲区错误漏洞
Vyper is the Pythonic smart contract language for EVM. A buffer error vulnerability exists in Vyper versions prior to 0.3.8. An attacker exploited the vulnerability to cause an array access out-of-bounds...
PT-2023-23572 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue concerns internal calls with default arguments in Vyper, a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, these calls are compiled incorrectly,...
CVE-2023-30837
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...
PYSEC-2023-76
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...