Workflow

PyPi: Vyper

CVE-2024-24564

Safety vulnerability ID: 65695

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 26, 2024 Updated at May 16, 2024
Scan your Python projects for vulnerabilities →

Advisory

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. See CVE-2024-24564.

Affected package

vyper

Latest version: 0.3.10

Vyper: the Pythonic Programming Language for the EVM

Affected versions

Fixed versions

Vulnerability changelog

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. See CVE-2024-24564.


MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx: https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application