Lucene search
Veracode Vulnerability DatabaseVERACODE:40255HistoryApr 24, 2023 - 2:52 a.m.
Interpretation Conflict
2023-04-2402:52:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
openzeppelin
vulnerability
interpretation conflict
transparentupgradeableproxy
clashing selector calls
abi encoding
proxy revert
0.001 Low
EPSS
Percentile
39.4%
@openzeppelin/contracts is vulnerable to Interpretation Conflict. The vulnerability exists because the TransparentUpgradeableProxy clashing selector calls may not be delegated if the clashing function has a different signature with incompatible ABI encoding, which could lead to proxy revert while attempting to decode the arguments from calldata
References
github.com/advisories/GHSA-mx2q-35m2-x2rh
github.com/OpenZeppelin/openzeppelin-contracts/commit/c01ea99123a9be7494557b6b2ca5942c6be487f9
github.com/OpenZeppelin/openzeppelin-contracts/pull/4154
github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.8.3
github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-mx2q-35m2-x2rh
Related
cvelist
cvelist
cve
cve
CVE-2023-30541
2023-04-17 22:15:10
nvd
nvd
CVE-2023-30541
2023-04-17 22:15:10
prion
prion
Code injection
2023-04-17 22:15:00
osv
osv
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
2023-04-17 16:45:21
CVE-2023-30541
2023-04-17 22:15:10
github
github