Security Advisory

CVE-2023-42460

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-26 18:47:09

Last updated 2024-09-24 13:45:05

Assigner GitHub_M

State PUBLISHED

Description

Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.

← Browse all CVEs View on cve.org ↗