7.4
CVE-2024-27094
- EPSS 0.56%
- Veröffentlicht 21.03.2024 02:52:18
- Zuletzt bearbeitet 04.12.2025 20:13:27
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Openzeppelin ≫ Contracts SwPlatformnode.js Version >= 4.5.0 < 4.9.6
Openzeppelin ≫ Contracts SwPlatformnode.js Version >= 5.0.0 < 5.0.2
Openzeppelin ≫ Contracts Upgradeable SwPlatformnode.js Version >= 4.5.0 <= 4.9.6
Openzeppelin ≫ Contracts Upgradeable SwPlatformnode.js Version >= 5.0.0 < 5.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.675 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
|
| security-advisories@github.com | 6.5 | 2.2 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.