National Cyber Warfare Foundation (NCWF) Forums


CVE-2023-42460


0 user ratings		2023-09-27 16:31:38
milo
CVEs
 - archive -- 
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.

CVE-2023-42460
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42460
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.
2023-09-27T15:19:32Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42460

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
CVEs


© Copyright 2012 through 2024 - National Cyber War Foundation - All rights reserved worldwide.