CVE-2024-24561
CRITICALvyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Memory Buffer Overflow via Slice Bounds Check
Title source: llmDescription
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.
References (3)
Core 3
Core References
Issue Tracking x_refsource_misc
https://github.com/vyperlang/vyper/issues/3756
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c
Scores
CVSS v3
9.8
EPSS
0.0119
EPSS Percentile
79.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-119
CWE-787
Status
published
Products (2)
pypi/vyper
0 - 0.4.0PyPI
vyperlang/vyper
< 0.3.10
Published
Feb 01, 2024
Tracked Since
Feb 18, 2026