PYSEC-2022-198

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/vyper/PYSEC-2022-198.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2022-198

Aliases

Published

2022-04-13T22:15:00Z

Modified

2023-11-01T04:58:10.723424Z

Summary

[none]

Details

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of <iface>.returns_int128() is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, <iface>.returns_int128() is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.

References

Affected packages

PyPI / vyper

Package

Name: vyper; View open source insights on deps.dev
Purl: pkg:pypi/vyper

Affected ranges

Type: GIT
Repo: https://github.com/vyperlang/vyper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

049dbdc647b2ce838fae7c188e6bb09cf16e470b

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.2

Affected versions

0.*

0.1.0b1

0.1.0b2

0.1.0b3

0.1.0b4

0.1.0b5

0.1.0b6

0.1.0b7

0.1.0b8

0.1.0b9

0.1.0b10

0.1.0b11

0.1.0b12

0.1.0b13

0.1.0b14

0.1.0b15

0.1.0b16

0.1.0b17

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.2.10

0.2.11

0.2.12

0.2.13

0.2.14

0.2.15

0.2.16

0.3.0

0.3.1