Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-26149

LOW
Published 2024-02-26T20:16:01.688Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-26149. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
3.7
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.193
Higher than 19.3% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
LOW
Integrity
NONE
Availability
NONE

Description

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

vyperlang

vyper

Affected Versions:

<= 0.3.10
vyperlang

vyper

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed LOW

Vyper's `_abi_decode` vulnerable to Memory Overflow

GHSA-9p8r-4xp4-gw5w

Advisory Details

## Summary If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to bugs in contracts that use arrays within `_abi_decode`. The advisory has been assigned low severity, because it is only observable if there is a memory write between two invocations of `abi_decode` on the same input. ## Proof of Concept ```vyper event Pwn: pass @external def f(x: Bytes[32 * 3]): a: Bytes[32] = b"foo" y: Bytes[32 * 3] = x decoded_y1: Bytes[32] = _abi_decode(y, Bytes[32]) a = b"bar" decoded_y2: Bytes[32] = _abi_decode(y, Bytes[32]) if decoded_y1 != decoded_y2: log Pwn() ``` Sending the following calldata results in `Pwn` being emitted. ``` 0xd45754f8 0000000000000000000000000000000000000000000000000000000000000020 0000000000000000000000000000000000000000000000000000000000000060 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa0 ``` ### Patches Patched in https://github.com/vyperlang/vyper/pull/3925, https://github.com/vyperlang/vyper/pull/4091, https://github.com/vyperlang/vyper/pull/4144, https://github.com/vyperlang/vyper/pull/4060.

Affected Packages

PyPI vyper
ECOSYSTEM: ≥0 <0.4.0

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

WEB https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-26149
WEB https://github.com/vyperlang/vyper/pull/3925
WEB https://github.com/vyperlang/vyper/pull/4060
WEB https://github.com/vyperlang/vyper/pull/4091
WEB https://github.com/vyperlang/vyper/pull/4144
WEB https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2024-164.yaml
PACKAGE https://github.com/vyperlang/vyper

Advisory provided by GitHub Security Advisory Database. Published: February 26, 2024, Modified: January 17, 2025

References

https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w
Published: 2024-02-26T20:16:01.688Z
Last Modified: 2024-08-22T20:44:05.129Z
Copied to clipboard!