Описание
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3-py-evm | itp | package |
EPSS
Процентиль: 73%
0.0075
Низкий
Связанные уязвимости
CVSS3: 8.8
nvd
около 7 лет назад
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
CVSS3: 8.8
github
около 7 лет назад
Py-EVM is vulnerable to arbitrary bytecode injection
EPSS
Процентиль: 73%
0.0075
Низкий