CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2023-40014 – OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
https://notcve.org/view.php?id=CVE-2023-40014
10 Aug 2023 — OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is awar...
https://github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd
CWE-116: Improper Encoding or Escaping of Output