Veracode Vulnerability Database, VERACODE:43420
History: Sep 28, 2023 - 10:13 a.m.

Incorrect Bounds Checking

2023-09-28 10:13:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
vulnerability
vyper
bounds checking
input validation
_abi_decode

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.0005 Low
Percentile: 18.0%

Vyper is vulnerable to Incorrect Bounds Checking. The vulnerability is due to the lack of input validation when _abi_decode() is nested in an expression. This makes it possible to construct uses of _abi_decode() that bypass bounds checking, ultimately producing incorrect results.

CPE Name    Operator    Version
vyper       le          0.3.10rc4
