Количество 2
Количество 2
CVE-2024-24564
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0.
GHSA-4hwq-4cpm-8vmx
Vyper's `extract32` can ready dirty memory
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-24564 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0. | CVSS3: 3.7 | 0% Низкий | почти 2 года назад |
| GHSA-4hwq-4cpm-8vmx Vyper's `extract32` can ready dirty memory | CVSS3: 3.7 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу