Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
References
Link | Resource |
---|---|
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | Patch |
https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6 | Exploit Vendor Advisory |
Configurations
History
02 Aug 2023, 16:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:* |
17 May 2023, 15:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb - Patch | |
References | (MISC) https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6 - Exploit, Vendor Advisory | |
CPE | cpe:2.3:a:vyper_project:vyper:*:*:*:*:*:*:*:* |
08 May 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-08 17:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-30837
Mitre link : CVE-2023-30837
CVE.ORG link : CVE-2023-30837
JSON object : View
Products Affected
vyperlang
- vyper
CWE
CWE-789
Memory Allocation with Excessive Size Value