Improper Restriction of Operations within the Bounds of a Memory Buffer Affecting vyper package, versions [0, 0.4.0)
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.07% (31st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-VYPER-6226584
- published 2 Feb 2024
- disclosed 1 Feb 2024
- credit Zach Obront
Introduced: 1 Feb 2024
CVE-2024-24561 Open this link in a new tabHow to fix?
Upgrade vyper
to version 0.4.0 or higher.
Overview
vyper is a Pythonic Smart Contract Language for the EVM.
Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer via the slice
function. An attacker can achieve out-of-bounds access to storage, memory or calldata addresses and potentially corrupt the length slot of the respective array by manipulating the start or length variables to overflow the bounds check.
References
CVSS Scores
version 3.1