← volver
CVE-2023-30837

Vyper storage allocator overflow

CVSS 7.5 HIGHEPSS 0.7%CWE-789
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Productos afectados
vyperlang · vyper

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bbhttps://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6