CVE-2024-32481 – vyper's range(start, start + N) reverts for negative numbers
https://notcve.org/view.php?id=CVE-2024-32481
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range, `stmt.parse_For_range()`. The issue arises when `start` is signed: instead of `sle`, `le` is used, so `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1`, so it is interpreted as a very large unsigned integer, making the assertion always fail. • https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287 https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868 https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5 https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj • CWE-681: Incorrect Conversion between Numeric Types •
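The signed/unsigned mix-up described for CVE-2024-32481, modelled in plain Python as an added example (not Vyper's own code). The helper names and the guard shape `start <= INT256_MAX - N` are assumptions made for illustration; only the `le` versus `sle` distinction comes from the description above.

```python
# Added illustration: models 256-bit EVM word comparisons in plain Python.
WORD_BITS = 256
WORD_MASK = (1 << WORD_BITS) - 1
INT256_MAX = (1 << 255) - 1
INT256_MIN = -(1 << 255)


def to_word(value: int) -> int:
    """Encode an int as a 256-bit two's-complement word, as stored on the EVM stack."""
    if not INT256_MIN <= value <= WORD_MASK:
        raise ValueError("value does not fit in a 256-bit word")
    return value & WORD_MASK


def to_signed(word: int) -> int:
    """Interpret a 256-bit word as signed: bit 255 set means negative."""
    return word - (1 << WORD_BITS) if word >> 255 else word


def le(a_word: int, b_word: int) -> bool:
    """Unsigned <= on raw words (the comparison the flawed assertion used)."""
    return a_word <= b_word


def sle(a_word: int, b_word: int) -> bool:
    """Signed <= on raw words (the comparison a signed `start` needs)."""
    return to_signed(a_word) <= to_signed(b_word)


def range_guard_passes(start: int, n: int, signed_compare: bool) -> bool:
    """Assumed guard shape: start <= INT256_MAX - n, so start + n cannot overflow.

    Returns False where the compiled contract would revert.
    """
    bound = to_word(INT256_MAX - n)
    compare = sle if signed_compare else le
    return compare(to_word(start), bound)


if __name__ == "__main__":
    # Constructed sample inputs: (start, N)
    for start, n in [(-5, 10), (-1, 3), (5, 10), (INT256_MAX, 1)]:
        print(f"start={start:>3} N={n:>2} "
              f"le passes={range_guard_passes(start, n, False)} "
              f"sle passes={range_guard_passes(start, n, True)}")
```

With the unsigned comparison every negative `start` fails the guard regardless of `N`, while non-negative values behave identically under both comparisons, which is why the defect only shows up for signed loop variables.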
CVE-2024-24564 – Vyper extract32 can read dirty memory
https://notcve.org/view.php?id=CVE-2024-24564
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. When using the built-in `extract32(b, start)`, if evaluating the `start` index provided has the side effect of updating `b`, the byte array to extract `32` bytes from, some dirty memory could be read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. • https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f • CWE-125: Out-of-bounds Read •
CVE-2024-26149 – Vyper _abi_decode Memory Overflow
https://notcve.org/view.php?id=CVE-2024-26149
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitation of contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions. • https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-24563 – Vyper array negative index vulnerability
https://notcve.org/view.php?id=CVE-2024-24563
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array; that is, it allows signed integers to be used as array indexes. The vulnerability is present in different forms in all versions, including `0.3.10`. • https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541 https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137 https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2 • CWE-129: Improper Validation of Array Index •
CVE-2024-24559 – Vyper SHA3 code generation bug
https://notcve.org/view.php?id=CVE-2024-24559
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. • https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586 https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •