CVE-2024-24561

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-24561
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24561.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-24561
Aliases
Published
2024-02-01T16:37:01.007Z
Modified
2026-04-09T09:59:54.275643Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Vyper bounds check on built-in `slice()` function can be overflowed
Details

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-119"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24561.json"
}
References

Affected packages

Git / github.com/vyperlang/vyper

Affected ranges

Type
GIT
Repo
https://github.com/vyperlang/vyper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9136169468f317a53b4e7448389aa315f90b95ba
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.10"
        }
    ]
}

Affected versions

0.*
0.2.1
Other
pre-release
v0.*
v0.0.4
v0.1.0-beta.1
v0.1.0-beta.10
v0.1.0-beta.11
v0.1.0-beta.12
v0.1.0-beta.13
v0.1.0-beta.14
v0.1.0-beta.15
v0.1.0-beta.16
v0.1.0-beta.17
v0.1.0-beta.2
v0.1.0-beta.3
v0.1.0-beta.5
v0.1.0-beta.6
v0.1.0-beta.7
v0.1.0-beta.8
v0.1.0-beta.9
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.10
v0.3.10rc1
v0.3.10rc2
v0.3.10rc3
v0.3.10rc4
v0.3.10rc5
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24561.json"