PYSEC-2023-78
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/vyper/PYSEC-2023-78.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2023-78
- Aliases
- Published
- 2023-05-11T21:15:00Z
- Modified
- 2023-11-01T05:02:02.730211Z
- Summary
- [none]
- Details
-
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type
for i in range(a, a + N)as in loops of typefor i in range(start, stop)andfor i in range(stop), the compiler is able to raise aTypeMismatchwhen trying to overflow the variable. The problem has been patched in version 0.3.8. - References
Affected packages
PyPI / vyper
Package
- Name
- vyper
- View open source insights on deps.dev
- Purl
- pkg:pypi/vyper
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vyperlang/vyper
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.3.8
Affected versions
0.*
0.1.0b1
0.1.0b2
0.1.0b3
0.1.0b4
0.1.0b5
0.1.0b6
0.1.0b7
0.1.0b8
0.1.0b9
0.1.0b10
0.1.0b11
0.1.0b12
0.1.0b13
0.1.0b14
0.1.0b15
0.1.0b16
0.1.0b17
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.2.16
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7