Lucene search
+L

54 matches found

Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.6 views

PT-2024-28059 · Unknown · Zksync Era

Name of the Vulnerable Software and Affected Versions: ZKsync Era versions prior to 1.5.0 Description: ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. The issue arises from possible invalid stack access due to the addresses used to access the stack not properly...

6.5CVSS7.2AI score0.00263EPSS
Exploits0References3
NVD
NVD
added 2024/05/27 5:15 p.m.15 views

CVE-2024-35229

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

5.3CVSS5.2AI score0.00399EPSS
Exploits0References2
CVE
CVE
added 2024/05/27 4:20 p.m.61 views

CVE-2024-35229

CVE-2024-35229 concerns ZKSync Era (Matter Labs) prior to v1.3.10. A bug in the evaluation order of Yul function arguments is triggered by the pattern f(a(),b()); check_if_a_executed_last(), exposing a vulnerability in how arguments are evaluated. The issue has been fixed in v1.3.10. Affected dep...

5.3CVSS5.2AI score0.00399EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/27 4:20 p.m.16 views

CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

5.3CVSS6.8AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/27 4:20 p.m.22 views

CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

5.3CVSS5.2AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2024/05/27 4:20 p.m.15 views

CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

5.3CVSS6.9AI score0.00399EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.6 views

PT-2024-26393 · Unknown · Zksync Era

Name of the Vulnerable Software and Affected Versions: ZKsync Era versions prior to 1.3.10 Description: ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. A bug in the evaluation order of Yul function arguments is exposed by a specific pattern fa,b; check if a...

5.3CVSS7.1AI score0.00399EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/27 12:0 a.m.16 views

ZKsync Era 安全漏洞

ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in ZKsync Era versions prior to 1.3.10, which stems from checkifaexeculatedlast exposing a bug in the order in which Yul function arguments are evaluated...

5.3CVSS6.6AI score0.00399EPSS
Exploits0References3
NVD
NVD
added 2024/05/14 3:39 p.m.20 views

CVE-2024-34704

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

5.9CVSS5.5AI score0.00466EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.8 views

ZKsync Era 安全漏洞

ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in ZKsync Era versions prior to 1.4.1, which stems from a conversion error...

5.9CVSS6.6AI score0.00466EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/13 7:13 p.m.15 views

CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

5.9CVSS6.6AI score0.00466EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/13 7:13 p.m.28 views

CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

5.9CVSS5.8AI score0.00466EPSS
Exploits0References1
CVE
CVE
added 2024/05/13 7:13 p.m.53 views

CVE-2024-34704

Summary: CVE-2024-34704 affects era-compiler-solidity (ZKsync Solidity compiler). On instruction selection in the DAGCombine phase, folding the expression !(x cc y) into (x cc y) incorrectly assumed the second XOR operand representing the true value was -1, whereas the true value is 1. This misop...

5.9CVSS6.5AI score0.00466EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/03/09 9:5 p.m.2 views

Malicious code in zksync-hardhat-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b8c577cf7083b6313dbfbed2524851699af41517cc400559d3f451d7846f7ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/03/09 9:5 p.m.15 views

MAL-2024-1071 Malicious code in zksync-hardhat-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b8c577cf7083b6313dbfbed2524851699af41517cc400559d3f451d7846f7ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
NVD
NVD
added 2023/10/25 10:15 p.m.16 views

CVE-2023-46232

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...

5.3CVSS5.2AI score0.00564EPSS
Exploits1References3
Prion
Prion
added 2023/10/25 10:15 p.m.15 views

Code injection

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...

5CVSS5.3AI score0.00564EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/10/25 9:1 p.m.24 views

CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...

5.3CVSS5.5AI score0.00564EPSS
Exploits1References3
CVE
CVE
added 2023/10/25 9:1 p.m.50 views

CVE-2023-46232

The CVE concerns era-compiler-vyper (EraVM Vyper compiler for zkSync Era). Before 1.3.10, a bug in initialization of the first immutable variable for Vyper contracts could occur when a String or Array allocates more 256‑bit words than are initialized; the second word’s index could be left unset (...

5.3CVSS5.2AI score0.00564EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/25 9:1 p.m.15 views

CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...

5.3CVSS7.1AI score0.00564EPSS
Exploits1References3
Rows per page
Query Builder