Количество 2
Количество 2
CVE-2024-24561
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.
GHSA-9x7f-gwxq-6f2c
Vyper's bounds check on built-in `slice()` function can be overflowed
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-24561 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array. | CVSS3: 9.8 | 1% Низкий | около 2 лет назад |
| GHSA-9x7f-gwxq-6f2c Vyper's bounds check on built-in `slice()` function can be overflowed | CVSS3: 9.8 | 1% Низкий | около 2 лет назад |
Уязвимостей на страницу