Skip to main content

Vyper CVE-2024-32645

MEDIUM
Improper Input Validation (CWE-20)
2024-04-25 security-advisories@github.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 25, 2024 - 18:15 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 8 pypi packages depend on vyper (3 direct, 5 indirect)

Ecosystem-wide dependent count for version 0.4.0.

DescriptionNVD

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The build_IR function of the RawLog class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.

AnalysisAI

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The build_IR function of the RawLog class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available. Affected products include: Vyperlang Vyper.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Vyper

View all
CVE-2024-24563 CRITICAL POC
9.8 Feb 07

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this v

CVE-2024-24561 CRITICAL POC
9.8 Feb 01

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this v

CVE-2024-22419 CRITICAL POC
9.8 Jan 18

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this v

CVE-2022-24845 CRITICAL POC
9.8 Apr 13

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this v

CVE-2023-39363 CRITICAL POC
9.1 Aug 07

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated critical severity (CVSS 9.1),

CVE-2023-31146 CRITICAL POC
9.1 May 11

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated critical severity (CVSS 9.1), this v

CVE-2023-42443 HIGH POC
8.1 Sep 18

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated high severity (CVSS 8.1), this

CVE-2023-42460 HIGH POC
7.5 Sep 27

Vyper is a Pythonic Smart Contract Language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2023-32059 HIGH POC
7.5 May 11

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne

CVE-2023-32058 HIGH POC
7.5 May 11

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne

CVE-2023-30837 HIGH POC
7.5 May 08

Vyper is a pythonic smart contract language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2023-30629 HIGH POC
7.5 Apr 24

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. Rated high severity (CVSS 7.5), this vulne

Share

CVE-2024-32645 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy