CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27094 – OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
https://notcve.org/view.php?id=CVE-2024-27094
29 Feb 2024 — OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. OpenZeppelin Contracts es una librería para el desarrollo seguro de contratos inteligentes. • https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40014 – OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
https://notcve.org/view.php?id=CVE-2023-40014
10 Aug 2023 — OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is awar... • https://github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35915 – Unbounded gas consumption in @openzeppelin/contracts
https://notcve.org/view.php?id=CVE-2022-35915
01 Aug 2022 — OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •