GHSA-mgv8-gggw-mrg6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mgv8-gggw-mrg6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-mgv8-gggw-mrg6/GHSA-mgv8-gggw-mrg6.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-mgv8-gggw-mrg6
- Aliases
- Related
- Published
- 2023-05-05T22:22:23Z
- Modified
- 2024-11-19T16:47:37.865937Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- vyper vulnerable to storage allocator overflow
- Details
-
Impact
The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following:
owner: public(address) take_up_some_space: public(uint256[10]) buffer: public(uint256[max_value(uint256)]) @external def initialize(): self.owner = msg.sender @external def foo(idx: uint256, data: uint256): self.buffer[idx] = dataPer @toonvanhove, "An attacker can overwrite the owner variable by calling this contract with calldata:
0x04bc52f8 fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff(spaces inserted for readability)0x04bc52f8is the selector forfoo(uint256, uint256), and the last argumentfff...fffis the new value for the owner variable."Patches
patched in 0bb7203b584e771b23536ba065a6efda457161bb
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
References
Are there any links users can visit to find out more?
- Database specific
{ "nvd_published_at": "2023-05-08T17:15:12Z", "cwe_ids": [ "CWE-789" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-05-05T22:22:23Z" }- References
-
- https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6
- https://nvd.nist.gov/vuln/detail/CVE-2023-30837
- https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
- https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-76.yaml
- https://github.com/vyperlang/vyper
Affected packages
PyPI / vyper
Package
- Name
- vyper
- View open source insights on deps.dev
- Purl
- pkg:pypi/vyper
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.3.8
Affected versions
0.*
0.1.0b1
0.1.0b2
0.1.0b3
0.1.0b4
0.1.0b5
0.1.0b6
0.1.0b7
0.1.0b8
0.1.0b9
0.1.0b10
0.1.0b11
0.1.0b12
0.1.0b13
0.1.0b14
0.1.0b15
0.1.0b16
0.1.0b17
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.2.16
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7