Integer Overflow or Wraparound Affecting vyper Open this link in a new tab package, versions [0.3.2,]

Attack Complexity

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-PYTHON-VYPER-2808880
published

6 May 2022
disclosed

6 May 2022
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 6 May 2022

CVE-2022-29175 Open this link in a new tab CWE-190 Open this link in a new tab

How to fix?

There is no fixed version for vyper.

Overview

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound where the multiplication of 168-bit integers can wrap in 256-bit arithmetic without any check of safemul .

References

GitHub Issue

Integer Overflow or Wraparound Affecting vyper Open this link in a new tab package, versions [0.3.2,]

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 6 May 2022

How to fix?

Overview

References