Safety vulnerability ID: 65695
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. See CVE-2024-24564.
Latest version: 0.3.10
Vyper: the Pythonic Programming Language for the EVM
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. See CVE-2024-24564.
MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx: https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application