Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
References
Link | Resource |
---|---|
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | Patch |
https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-05-08T16:03:06.162Z
Updated: 2023-05-08T16:03:06.162Z
Reserved: 2023-04-18T16:13:15.879Z
Link: CVE-2023-30837
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-08T17:15:12.007
Modified: 2023-08-02T16:22:18.663
Link: CVE-2023-30837
JSON object: View
Redhat Information
No data.
CWE