CVE-2024-56317
https://notcve.org/view.php?id=CVE-2024-56317
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.
• https://github.com/project-chip/connectedhomeip/issues/36535
• CWE-281: Improper Preservation of Permissions
CVE-2024-45056 – `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
https://notcve.org/view.php?id=CVE-2024-45056
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64-bit number (`2^64-1`). This number is zero-extended to 256 bits on the EraVM target while it should have been sign-extended. Thus instead of producing `rotl 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`.
• https://github.com/llvm/llvm-project/commit/e48237df95b49a36b8ffceb78c8a58f4be1b4344
• https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-fpx7-8vc6-frjj
• CWE-682: Incorrect Calculation
CVE-2024-43366 – zkvyper ignored loop range bounds
https://notcve.org/view.php?id=CVE-2024-43366
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompleteness restrictions, it is compiled to a loop with a much later exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However, more real-life use cases like iterating over an array are not affected. No contracts were affected by this issue, which was fixed in version 1.5.3.
• https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-8j77-7rrv-6pxx
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-38533 – ZKsync Era invalid stack addressing conversion
https://notcve.org/view.php?id=CVE-2024-38533
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0.
• https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-q7pg-6jh9-87gv
• CWE-787: Out-of-bounds Write
CVE-2024-35229 – ZKsync Era evaluation order of Yul function arguments
https://notcve.org/view.php?id=CVE-2024-35229
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.
• https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79
• https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p
• CWE-696: Incorrect Behavior Order