CVE-2024-32645

EPSS 0.45%
Veröffentlicht 25.04.2024 18:15:08
Zuletzt bearbeitet 02.01.2025 22:52:27
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

vyper performs incorrect topic logging in raw_log

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vyperlang ≫ Vyper SwPlatformpython Version < 0.4.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.358

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-32645

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32645

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32645

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-32645