Skip to main content

Vyper CVE-2023-42441

MEDIUM
Deadlock (CWE-833)
2023-09-18 security-advisories@github.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 18, 2023 - 21:16 nvd
MEDIUM 5.3

DescriptionNVD

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.

AnalysisAI

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-833. Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string. Affected products include: Vyperlang Vyper. Version information: version 0.2.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Vyper

View all
CVE-2024-24563 CRITICAL POC
9.8 Feb 07

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this v

CVE-2024-24561 CRITICAL POC
9.8 Feb 01

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this v

CVE-2024-22419 CRITICAL POC
9.8 Jan 18

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this v

CVE-2022-24845 CRITICAL POC
9.8 Apr 13

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this v

CVE-2023-39363 CRITICAL POC
9.1 Aug 07

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated critical severity (CVSS 9.1),

CVE-2023-31146 CRITICAL POC
9.1 May 11

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated critical severity (CVSS 9.1), this v

CVE-2023-42443 HIGH POC
8.1 Sep 18

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated high severity (CVSS 8.1), this

CVE-2023-42460 HIGH POC
7.5 Sep 27

Vyper is a Pythonic Smart Contract Language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2023-32059 HIGH POC
7.5 May 11

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne

CVE-2023-32058 HIGH POC
7.5 May 11

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne

CVE-2023-30837 HIGH POC
7.5 May 08

Vyper is a pythonic smart contract language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2023-30629 HIGH POC
7.5 Apr 24

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne

Share

CVE-2023-42441 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy