CVE-2024-24564
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-24564
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24564.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-24564
- Aliases
- Related
- Published
- 2024-02-26T20:19:05Z
- Modified
- 2025-01-19T19:56:51.784572Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in
extract32(b, start), if thestartindex provided has for side effect to updateb, the byte array to extract32bytes from, it could be that some dirty memory is read and returned byextract32. This vulnerability is fixed in 0.4.0. - References
Affected packages
Git / github.com/vyperlang/vyper
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vyperlang/vyper
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.2.1
Other
pre-release
v0.*
v0.0.4
v0.1.0-beta.1
v0.1.0-beta.10
v0.1.0-beta.11
v0.1.0-beta.12
v0.1.0-beta.13
v0.1.0-beta.14
v0.1.0-beta.15
v0.1.0-beta.16
v0.1.0-beta.17
v0.1.0-beta.2
v0.1.0-beta.3
v0.1.0-beta.4
v0.1.0-beta.5
v0.1.0-beta.6
v0.1.0-beta.7
v0.1.0-beta.8
v0.1.0-beta.9
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.10
v0.3.10rc1
v0.3.10rc2
v0.3.10rc3
v0.3.10rc4
v0.3.10rc5
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0b1
v0.4.0b2
v0.4.0b3
v0.4.0b4
v0.4.0b5
v0.4.0b6
v0.4.0rc1
v0.4.0rc2
v0.4.0rc3
v0.4.0rc4
v0.4.0rc5
v0.4.0rc6