CVE-2024-27094

OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.

OpenZeppelin Contracts es una librería para el desarrollo seguro de contratos inteligentes. La función `Base64.encode` codifica una entrada de `bytes` iterándola en fragmentos de 3 bytes. Cuando esta entrada no es múltiplo de 3, la última iteración puede leer partes de la memoria que están más allá del búfer de entrada. La vulnerabilidad se solucionó en 5.0.2 y 4.9.6.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-02-29 CVE Published
2024-03-01 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (5)

URL	Tag	Source
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854	X_refsource_misc
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1	X_refsource_misc
https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6	X_refsource_misc
https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c	X_refsource_misc
https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
OpenZeppelin Search vendor "OpenZeppelin"		Openzeppelin-contracts Search vendor "OpenZeppelin" for product "Openzeppelin-contracts"				>= 4.5.0 < 4.9.6 Search vendor "OpenZeppelin" for product "Openzeppelin-contracts" and version " >= 4.5.0 < 4.9.6"		en		Affected
OpenZeppelin Search vendor "OpenZeppelin"		Openzeppelin-contracts Search vendor "OpenZeppelin" for product "Openzeppelin-contracts"				>= 5.0.0 < 5.0.2 Search vendor "OpenZeppelin" for product "Openzeppelin-contracts" and version " >= 5.0.0 < 5.0.2"		en		Affected