GHSA-22wc-c9wj-6q2v

Опубликовано: 19 апр. 2021

Источник: github

Github: Прошло ревью

Описание

VVE-2021-0001: Memory corruption using function calls within arrays

Impact

When performing a function call inside an array, there is a memory corruption issue that occurs because of an incorrect pointer to the the tip of the stack.

Patches

This issue was partially fixed in VVE-2020-0004, however the fix did not update similar code for arrays, which had a similar issue. The issue is fully fixed in https://github.com/vyperlang/vyper/pull/2345

Ссылки

https://github.com/vyperlang/vyper/security/advisories/GHSA-22wc-c9wj-6q2v
https://github.com/vyperlang/vyper/pull/2345
https://github.com/vyperlang/vyper/commit/11b7b5b7e59bc9dc859d51cd41a924b59fe47c9e
https://pypi.org/project/vyper

Пакеты

Наименование

vyper

pip

Затронутые версииВерсия исправления

< 0.2.12

0.2.12

Дефекты

CWE-129

Дефекты

CWE-129