GHSA-mgv8-gggw-mrg6

Опубликовано: 05 мая 2023

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

vyper vulnerable to storage allocator overflow

Impact

The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following:

owner: public(address) take_up_some_space: public(uint256[10]) buffer: public(uint256[max_value(uint256)]) @external def initialize(): self.owner = msg.sender @external def foo(idx: uint256, data: uint256): self.buffer[idx] = data

Per @toonvanhove, "An attacker can overwrite the owner variable by calling this contract with calldata: 0x04bc52f8 fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff (spaces inserted for readability) 0x04bc52f8 is the selector for foo(uint256, uint256), and the last argument fff...fff is the new value for the owner variable."

Patches

patched in 0bb7203b584e771b23536ba065a6efda457161bb

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

References

Are there any links users can visit to find out more?

Ссылки

Пакеты

Наименование

vyper

pip

Затронутые версииВерсия исправления

< 0.3.8

0.3.8

EPSS

Процентиль: 42%

0.00201

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2023-30837

Дефекты

CWE-789

Связанные уязвимости

CVE-2023-30837

CVSS3: 7.5

nvd

больше 2 лет назад

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

EPSS

Процентиль: 42%

0.00201

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2023-30837

Дефекты

CWE-789