mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
988 B
988 B
CVE-2024-24564
Description
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32(b, start), if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This vulnerability affects 0.3.10 and earlier versions.
POC
Reference
- https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx
- https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx
Github
No PoCs found on GitHub currently.