CVE-2021-41121

Опубликовано: 06 окт. 2021

Источник: nvd

CVSS3: 7.5

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.

Ссылки

https://github.com/vyperlang/vyper/pull/2447
Patch
Third Party Advisory
https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv
Third Party Advisory
https://github.com/vyperlang/vyper/pull/2447
Patch
Third Party Advisory
https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*

Версия до 0.3.0 (исключая)

EPSS

Процентиль: 62%

0.00423

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-xv8x-pr4h-73jv

CVSS3: 7.5

github

больше 4 лет назад

Memory corruption when returning a literal struct with a private call inside of it

EPSS

Процентиль: 62%

0.00423

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-119