CVE-2024-24561

{"id": "CVE-2024-24561", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-01T17:15:11.180", "references": [{"url": "https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vyperlang/vyper/issues/3756", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.\n\n"}, {"lang": "es", "value": "Vyper es un lenguaje de contrato inteligente de python para la m\u00e1quina virtual ethereum. En las versiones 0.3.10 y anteriores, la verificaci\u00f3n de los l\u00edmites para sectores no tiene en cuenta la capacidad de inicio + longitud de desbordarse cuando los valores no son literales. Si una funci\u00f3n slice() utiliza un argumento no literal para la variable de inicio o longitud, esto crea la capacidad para que un atacante desborde la verificaci\u00f3n de los l\u00edmites. Este problema se puede utilizar para realizar acceso OOB a direcciones de almacenamiento, memoria o datos de llamada. Tambi\u00e9n se puede utilizar para corromper la ranura de longitud de la matriz respectiva."}], "lastModified": "2024-02-09T20:21:23.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "832C489D-4288-46B4-A29E-0E7168748042", "versionEndIncluding": "0.3.10"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}