Add CVE-2021-41122 for GHSA-c7pr-343r-5c46

2025-08-04 08:44:25 +00:00 · 2021-10-05 22:57:54 +00:00 · 2021-10-05 22:57:54 +00:00 · 847bcc1aea
commit 847bcc1aea
parent 16c93ac0aa
1 changed files with 76 additions and 6 deletions
--- a/2021/41xxx/CVE-2021-41122.json
+++ b/2021/41xxx/CVE-2021-41122.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-41122",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Bounds check missing for decimal args in Vyper"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "vyper",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 0.3.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "vyperlang"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 4.3,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-682: Incorrect Calculation"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46"
+            },
+            {
+                "name": "https://github.com/vyperlang/vyper/pull/2447",
+                "refsource": "MISC",
+                "url": "https://github.com/vyperlang/vyper/pull/2447"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-c7pr-343r-5c46",
+        "discovery": "UNKNOWN"
    }
 }