Количество 2
Количество 2
CVE-2024-27094
OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.
GHSA-9vx6-7xxf-x967
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-27094 OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. | CVSS3: 6.5 | 1% Низкий | почти 2 года назад |
| GHSA-9vx6-7xxf-x967 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory | CVSS3: 6.5 | 1% Низкий | почти 2 года назад |
Уязвимостей на страницу