logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-31146

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-31146

Description:
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.
Last updated date:
08/02/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
05/22/2023
Reference url to background

https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy