7.5

CVE-2023-32059

Exploit

EPSS 0.06%
Veröffentlicht 11.05.2023 22:15:11
Zuletzt bearbeitet 21.11.2024 08:02:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vyperlang ≫ Vyper Version < 0.3.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-683 Function Call With Incorrect Order of Arguments

The product calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.

https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac

Patch

https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-32059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32059

EUVD