CVE-2022-29255

Опубликовано: 09 июн. 2022

Источник: nvd

CVSS3: 8.2

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.

Ссылки

https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d
Patch
Third Party Advisory
https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38
Exploit
Mitigation
Third Party Advisory
https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d
Patch
Third Party Advisory
https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*

Версия до 0.3.4 (исключая)

EPSS

Процентиль: 28%

0.00102

Низкий

8.2 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-670

Связанные уязвимости

GHSA-4v9q-cgpw-cf38

CVSS3: 7.5

github

больше 3 лет назад

Multiple evaluation of contract address in call in vyper

EPSS

Процентиль: 28%

0.00102

Низкий

8.2 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-670