CVE-2024-26149
LOWvyperlang/vyper < 0.3.10 - Memory Buffer Overflow in _abi_decode Array Index Handling
Title source: llmDescription
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.
References (1)
Core 1
Core References
Exploit, Patch, Vendor Advisory x_refsource_confirm
https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w
Scores
CVSS v3
3.7
EPSS
0.0059
EPSS Percentile
69.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
Status
published
Products (2)
pypi/vyper
0 - 0.4.0PyPI
vyperlang/vyper
< 0.3.10
Published
Feb 26, 2024
Tracked Since
Feb 18, 2026