CVE-2021-41121
HIGHvyperlang/vyper < 0.3.0 - Memory Corruption via Function Call in Literal Struct
Title source: llmDescription
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/vyperlang/vyper/pull/2447
Third Party Advisory x_refsource_confirm
https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv
Scores
CVSS v3
7.5
EPSS
0.0104
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
pypi/vyper
0 - 0.3.0PyPI
vyperlang/vyper
< 0.3.0
Published
Oct 06, 2021
Tracked Since
Feb 18, 2026