CVE-2025-26622
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-26622
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-26622.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-26622
- Aliases
- Published
- 2025-02-21T22:15:13Z
- Modified
- 2025-04-09T17:42:03.134081Z
- Summary
- [none]
- Details
-
vyper is a Pythonic Smart Contract Language for the EVM. Vyper
sqrt()builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability. - References
Affected packages
Git / github.com/vyperlang/vyper
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vyperlang/vyper
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.2.1
Other
pre-release
v0.*
v0.0.4
v0.1.0-beta.1
v0.1.0-beta.10
v0.1.0-beta.11
v0.1.0-beta.12
v0.1.0-beta.13
v0.1.0-beta.14
v0.1.0-beta.15
v0.1.0-beta.16
v0.1.0-beta.17
v0.1.0-beta.2
v0.1.0-beta.3
v0.1.0-beta.4
v0.1.0-beta.5
v0.1.0-beta.6
v0.1.0-beta.7
v0.1.0-beta.8
v0.1.0-beta.9
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.10
v0.3.10rc1
v0.3.10rc2
v0.3.10rc3
v0.3.10rc4
v0.3.10rc5
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.0b1
v0.4.0b2
v0.4.0b3
v0.4.0b4
v0.4.0b5
v0.4.0b6
v0.4.0rc1
v0.4.0rc2
v0.4.0rc3
v0.4.0rc4
v0.4.0rc5
v0.4.0rc6
v0.4.1b1
v0.4.1b2
v0.4.1b3
v0.4.1b4
v0.4.1rc1
v0.4.1rc2
v0.4.1rc3