References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluat

GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

GitHub, Inc. CWE-20

GitHub, Inc. https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m [No types assigned]