CVE-2023-42441

Exploit

EPSS 0.15%
Veröffentlicht 18.09.2023 21:16:09
Zuletzt bearbeitet 21.11.2024 08:22:32
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vyperlang ≫ Vyper SwPlatformpython Version >= 0.2.9 < 0.3.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.363

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

CWE-833 Deadlock

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83

Patch

https://github.com/vyperlang/vyper/pull/3605

Patch

Issue Tracking

https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m

Patch

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-42441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-42441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-42441

EUVD