Количество 2
Количество 2
CVE-2023-42460
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.
GHSA-cx2q-hfxr-rj97
Vyper's `_abi_decode` input not validated in complex expressions
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-42460 Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626. | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
| GHSA-cx2q-hfxr-rj97 Vyper's `_abi_decode` input not validated in complex expressions | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу