CVE - CVE-2023-31146

CVE-ID
CVE-2023-31146	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb URL:https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20230424	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20230424)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)