CVE-2023-46247 (GCVE-0-2023-46247)
Vulnerability from cvelistv5
Published
2023-12-13 19:39
Modified
2024-08-02 20:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"
},
{
"name": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"
},
{
"name": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vyper",
"vendor": "vyperlang",
"versions": [
{
"status": "affected",
"version": "\u003c 0.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (\u003e 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682: Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:39:22.626Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"
},
{
"name": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"
},
{
"name": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"
}
],
"source": {
"advisory": "GHSA-6m97-7527-mh74",
"discovery": "UNKNOWN"
},
"title": "Vyper has incorrect storage layout for contracts containing large arrays"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46247",
"datePublished": "2023-12-13T19:39:22.626Z",
"dateReserved": "2023-10-19T20:34:00.948Z",
"dateUpdated": "2024-08-02T20:37:40.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…