CVE-2024-24564 – Vyper extract32 can read dirty memory
https://notcve.org/view.php?id=CVE-2024-24564
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When using the built-in `extract32(b, start)`, if evaluating the `start` index has the side effect of updating `b`, the byte array from which `32` bytes are extracted, `extract32` may read and return dirty memory. This vulnerability affects 0.3.10 and earlier versions.
• https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx
• https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f
• CWE-125: Out-of-bounds Read
CVE-2024-26149 – Vyper _abi_decode Memory Overflow
https://notcve.org/view.php?id=CVE-2024-26149
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially making contracts that use arrays within `_abi_decode` exploitable. This vulnerability affects 0.3.10 and earlier versions.
• https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-24563 – Vyper array negative index vulnerability
https://notcve.org/view.php?id=CVE-2024-24563
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when an `int` is used as an index for an array, so signed integers are accepted as array indexes. The vulnerability is present in different forms in all versions, including `0.3.10`.
• https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541
• https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137
• https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2
• CWE-129: Improper Validation of Array Index
CVE-2024-24559 – Vyper SHA3 code generation bug
https://notcve.org/view.php?id=CVE-2024-24559
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular Vyper code). `sha3_64` is used for retrieval in mappings.
• https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586
• https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-24560 – Vyper external calls can overflow return data to return input buffer
https://notcve.org/view.php?id=CVE-2024-24560
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.
• https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer