Lucene search
Veracode Vulnerability DatabaseVERACODE:45256HistoryJan 31, 2024 - 8:17 a.m.
Improper Input Validation
2024-01-3108:17:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerability
input validation
vyper
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
17.0%
vyper is vulnerable to Improper Input Validation. The vulnerability is due to the vyper compiler passing a value in builtin raw_call even if the call is a delegatecall or a staticcall and vyper will silently ignore the value= argument.
Related
nvd
nvd
CVE-2024-24567
2024-01-30 21:15:08
github
github
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
2024-01-30 18:42:28
prion
prion
Code injection
2024-01-30 21:15:00
osv
osv
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
2024-01-30 18:42:28
cvelist
cvelist
cve
cve
CVE-2024-24567
2024-01-30 21:15:08
githubexploit
githubexploit
Exploit for Improper Check for Unusual or Exceptional Conditions in Vyperlang Vyper
2024-04-10 10:27:55
Exploit for CVE-2024-24576
2024-04-10 10:27:55
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for VERACODE:45256