admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-245xx/CVE-2024-24561.json
cad-safe-bot 9f385c15a3 Auto-Update: 2024-02-09T21:00:25.541900+00:00
2024-02-09 21:00:29 +00:00

125 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-24561",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T17:15:11.180",
"lastModified": "2024-02-09T20:21:23.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.\n\n"
},
{
"lang": "es",
"value": "Vyper es un lenguaje de contrato inteligente de python para la m\u00e1quina virtual ethereum. En las versiones 0.3.10 y anteriores, la verificaci\u00f3n de los l\u00edmites para sectores no tiene en cuenta la capacidad de inicio + longitud de desbordarse cuando los valores no son literales. Si una funci\u00f3n slice() utiliza un argumento no literal para la variable de inicio o longitud, esto crea la capacidad para que un atacante desborde la verificaci\u00f3n de los l\u00edmites. Este problema se puede utilizar para realizar acceso OOB a direcciones de almacenamiento, memoria o datos de llamada. Tambi\u00e9n se puede utilizar para corromper la ranura de longitud de la matriz respectiva."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*",
"versionEndIncluding": "0.3.10",
"matchCriteriaId": "832C489D-4288-46B4-A29E-0E7168748042"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457",
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/vyperlang/vyper/issues/3756",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink