Out-of-bounds Read Affecting vyper package, versions [0,]
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (10th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-VYPER-6277565
- published 27 Feb 2024
- disclosed 26 Feb 2024
- credit trocher
Introduced: 26 Feb 2024
CVE-2024-24564 Open this link in a new tabHow to fix?
There is no fixed version for vyper
.
Overview
vyper is a Pythonic Smart Contract Language for the EVM.
Affected versions of this package are vulnerable to Out-of-bounds Read due to the extract32
function's caching mechanism. An attacker can access and return dirty memory bytes instead of the expected output by manipulating the start
index to change b
's content and length.
PoC
var:Bytes[96]
@internal
def bar() -> uint256:
self.var = b'uuuuuuuuuuuuuuuuuuuuuuuuuuuuuu'
self.var = b''
return 3
@external
def foo() -> bytes32:
self.var = b'abcdefghijklmnopqrstuvwxyz123456789'
return extract32(self.var, self.bar(), output_type=bytes32)
# returns b'uuuuuuuuuuuuuuuuuuuuuuuuuuu\x00\x00789'
References
CVSS Scores
version 3.1