HIGH🇵🇱 Wersja polska

CVE-2023-32059

CVSS 7.5v3.1pub. 2023-05-11upd. 2024-11-21

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Vyperlang Vyper

    APP
    Vyperlang
    < 0.3.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24563CRITICAL9.8PL ✓ten sam produkt

Vyper: nieprawidłowa walidacja indeksu tablicy — dostęp przez liczby ujemne

CVE-2024-24561CRITICAL9.8PL ✓ten sam produkt

Przepełnienie granic w funkcji slice() języka Vyper — dostęp OOB

CVE-2023-39363CRITICAL9.1ten sam produkt

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16...

CVE-2024-22419HIGH7.3ten sam produkt

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write ...

CVE-2023-46247HIGH7.5ten sam produkt

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large...