Vulnerability Details CVE-2023-30837
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.7%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
- https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6
- https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
- https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6
Products affected by CVE-2023-30837
-
cpe:2.3:a:vyperlang:vyper:0.0.4
-
cpe:2.3:a:vyperlang:vyper:0.1.0
-
cpe:2.3:a:vyperlang:vyper:0.2.0
-
cpe:2.3:a:vyperlang:vyper:0.2.1
-
cpe:2.3:a:vyperlang:vyper:0.2.10
-
cpe:2.3:a:vyperlang:vyper:0.2.11
-
cpe:2.3:a:vyperlang:vyper:0.2.12
-
cpe:2.3:a:vyperlang:vyper:0.2.13
-
cpe:2.3:a:vyperlang:vyper:0.2.14
-
cpe:2.3:a:vyperlang:vyper:0.2.15
-
cpe:2.3:a:vyperlang:vyper:0.2.16
-
cpe:2.3:a:vyperlang:vyper:0.2.2
-
cpe:2.3:a:vyperlang:vyper:0.2.3
-
cpe:2.3:a:vyperlang:vyper:0.2.4
-
cpe:2.3:a:vyperlang:vyper:0.2.5
-
cpe:2.3:a:vyperlang:vyper:0.2.6
-
cpe:2.3:a:vyperlang:vyper:0.2.7
-
cpe:2.3:a:vyperlang:vyper:0.2.8
-
cpe:2.3:a:vyperlang:vyper:0.2.9
-
cpe:2.3:a:vyperlang:vyper:0.3.0
-
cpe:2.3:a:vyperlang:vyper:0.3.1
-
cpe:2.3:a:vyperlang:vyper:0.3.2
-
cpe:2.3:a:vyperlang:vyper:0.3.3
-
cpe:2.3:a:vyperlang:vyper:0.3.4
-
cpe:2.3:a:vyperlang:vyper:0.3.5
-
cpe:2.3:a:vyperlang:vyper:0.3.6
-
cpe:2.3:a:vyperlang:vyper:0.3.7