
GHSA-3hg2-r75x-g69m

GitHub Security Advisory

Vyper has incorrect re-entrancy lock when key is empty string

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact

Locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime.

```Vyper
@nonreentrant("") # unprotected
@external
def bar():
    pass

@nonreentrant("lock") # protected
@external
def foo():
    pass
```

### Patches

Patched in #3605

### Workarounds

The lock name should be a non-empty string.
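
To apply this workaround across existing contracts, the source can be checked for empty lock keys before compiling. The scanner below is an added example, not part of the advisory or the Vyper project; `find_empty_lock_keys` and the sample contract text are hypothetical names and constructed input, and the check is a line-based text match rather than a use of the compiler's parser.

```python
import re

# @nonreentrant("<key>") or @nonreentrant('<key>'); a commented-out line starts with '#' and is skipped.
_LOCK = re.compile(r"""^\s*@nonreentrant\(\s*(?P<q>["'])(?P<key>.*?)(?P=q)\s*\)""")
_DEF = re.compile(r"^\s*def\s+(?P<name>\w+)\s*\(")

def find_empty_lock_keys(source):
    """Return [(decorator_line, function_name)] for every empty lock key."""
    findings = []
    pending = None  # line of an empty-key decorator still waiting for its def
    for lineno, line in enumerate(source.splitlines(), start=1):
        lock = _LOCK.match(line)
        if lock:
            if lock.group("key") == "":
                pending = lineno
            continue
        func = _DEF.match(line)
        if func:
            if pending is not None:
                findings.append((pending, func.group("name")))
            pending = None  # decorators apply only to the next def
    return findings

# Constructed sample: the advisory's two functions plus two extra cases.
SAMPLE = '''
@nonreentrant("")  # unprotected
@external
def bar():
    pass

@nonreentrant("lock")  # protected
@external
def foo():
    pass

@external
@nonreentrant('')
def baz():
    pass

# @nonreentrant("")
@external
def qux():
    pass
'''

if __name__ == "__main__":
    print(find_empty_lock_keys(SAMPLE))
```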


Affected Packages

PyPI vyper
Affected versions: 0.2.9 (fixed in 0.3.10)

Related CVEs

Key Information

GHSA ID: GHSA-3hg2-r75x-g69m
Published: September 18, 2023 7:20 PM
Last Modified: November 22, 2024 8:35 PM
CVSS Score: 5.0/10
Primary Ecosystem: PyPI
Primary Package: vyper
GitHub Reviewed: ✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.