GHSA-xv8x-pr4h-73jv

Source

https://github.com/advisories/GHSA-xv8x-pr4h-73jv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-xv8x-pr4h-73jv/GHSA-xv8x-pr4h-73jv.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-xv8x-pr4h-73jv

Aliases

Related

CVE-2021-41121

Published

2021-10-12T15:59:29Z

Modified

2024-11-18T23:00:59.606997Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Memory corruption when returning a literal struct with a private call inside of it

Details

Impact

When performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack.

Patches

0.3.0 / #2447

Database specific

{
    "nvd_published_at": "2021-10-06T18:15:00Z",
    "cwe_ids": [
        "CWE-119"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-06T17:47:24Z"
}

References

Affected packages

PyPI / vyper

Package

Name: vyper; View open source insights on deps.dev
Purl: pkg:pypi/vyper

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0

Affected versions

0.*

0.1.0b1

0.1.0b2

0.1.0b3

0.1.0b4

0.1.0b5

0.1.0b6

0.1.0b7

0.1.0b8

0.1.0b9

0.1.0b10

0.1.0b11

0.1.0b12

0.1.0b13

0.1.0b14

0.1.0b15

0.1.0b16

0.1.0b17

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.2.10

0.2.11

0.2.12

0.2.13

0.2.14

0.2.15

0.2.16