CVE-2023-30837

CVSS V2 None CVSS V3 None

Description

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

Overview

CVE ID
CVE-2023-30837

Assigner
security-advisories@github.com

Vulnerability Status
Received

Published Version
2023-05-08T17:15:12

Last Modified Date
2023-05-08T17:15:12

Weakness Enumerations

CWE	URL
CWE-789	http://cwe.mitre.org/data/definitions/789.html

References

Reference URL	Reference Tags
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-30837
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30837

History

Created	Old Value	New Value	Data Type	Notes
2023-05-08 18:00:36				Added to TrackCVE
2023-05-08 18:00:38			Weakness Enumeration	new