CVE-2026-32322
- EPSS 0.02%
- Veröffentlicht 12.03.2026 21:39:38
- Zuletzt bearbeitet 19.03.2026 13:37:47
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modu...
CVE-2026-26267
- EPSS 0.05%
- Veröffentlicht 19.02.2026 19:35:40
- Zuletzt bearbeitet 20.02.2026 19:49:23
soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style calls...
CVE-2026-24889
- EPSS 0.02%
- Veröffentlicht 28.01.2026 22:01:00
- Zuletzt bearbeitet 02.03.2026 18:28:26
soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`...