Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-mgv8-gggw-mrg6

GitHub Security Advisory

vyper vulnerable to storage allocator overflow

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Impact
The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following:
```vyper
owner: public(address)
take_up_some_space: public(uint256[10])
buffer: public(uint256[max_value(uint256)])

@external
def initialize():
self.owner = msg.sender

@external
def foo(idx: uint256, data: uint256):
self.buffer[idx] = data
```
Per @toonvanhove, "An attacker can overwrite the owner variable by calling this contract with calldata: `0x04bc52f8 fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` (spaces inserted for readability)
`0x04bc52f8` is the selector for `foo(uint256, uint256)`, and the last argument `fff...fff` is the new value for the owner variable."

### Patches
patched in 0bb7203b584e771b23536ba065a6efda457161bb

### Workarounds
_Is there a way for users to fix or remediate the vulnerability without upgrading?_

### References
_Are there any links users can visit to find out more?_

Affected Packages

PyPI vyper
Affected versions: 0 (fixed in 0.3.8)

Related CVEs

CVE-2023-30837

Key Information

GHSA ID
GHSA-mgv8-gggw-mrg6
Published
May 5, 2023 10:22 PM
Last Modified
November 19, 2024 4:31 PM
CVSS Score
7.5 /10
Primary Ecosystem
PyPI
Primary Package
vyper
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.