Vyper
CVE-2024-26149
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 8 pypi packages depend on vyper (3 direct, 5 indirect)
Ecosystem-wide dependent count for version 0.4.0.
DescriptionNVD
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in _abi_decode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within _abi_decode. This vulnerability affects 0.3.10 and earlier versions.
AnalysisAI
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in _abi_decode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within _abi_decode. This vulnerability affects 0.3.10 and earlier versions. Affected products include: Vyperlang Vyper.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this v
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this v
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this v
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this v
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated critical severity (CVSS 9.1),
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated critical severity (CVSS 9.1), this v
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated high severity (CVSS 8.1), this
Vyper is a Pythonic Smart Contract Language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne
Vyper is a pythonic smart contract language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today