PYSEC-2018-96

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/py-evm/PYSEC-2018-96.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2018-96

Aliases

Published

2018-11-12T02:29:00Z

Modified

2023-11-01T04:49:14.355576Z

Summary

[none]

Details

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."

References

Affected packages

PyPI / py-evm

Package

Name: py-evm; View open source insights on deps.dev
Purl: pkg:pypi/py-evm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.0a33

Affected versions

0.*

0.2.0a1

0.2.0a3

0.2.0a5

0.2.0a7

0.2.0a8

0.2.0a9

0.2.0a10

0.2.0a11

0.2.0a12

0.2.0a13

0.2.0a14

0.2.0a15

0.2.0a16

0.2.0a17

0.2.0a18

0.2.0a19

0.2.0a20

0.2.0a21

0.2.0a22

0.2.0a24

0.2.0a25

0.2.0a26

0.2.0a28

0.2.0a29

0.2.0a30

0.2.0a31

0.2.0a32