CVE-2024-24564: Vyper's `extract32` can read dirty memory
When using the built-in `extract32(b, start)`, if evaluating the `start` index has the side effect of updating `b`, the byte array to extract 32 bytes from, some dirty memory could be read and returned by `extract32`.
As of v0.4.0 (specifically, commit https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f), the compiler will panic instead of generating bytecode.
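The pattern above can be searched for in contract source that is still built with a compiler older than v0.4.0. The following heuristic is an added example, not code from the advisory or the Vyper project: the names `call_args` and `find_risky_extract32` and the sample contract are constructed for illustration, and the check over-approximates by flagging any call inside the `start` argument for manual review.

```python
import re

EXTRACT32 = re.compile(r"\bextract32\s*\(")
CALL_IN_EXPR = re.compile(r"[A-Za-z_][\w.]*\s*\(")  # a name followed by "(" is a call

def call_args(src, open_paren):
    """Split the call whose '(' is at src[open_paren] into top-level arguments."""
    args, cur, depth, quote = [], [], 0, None
    for ch in src[open_paren:]:
        if quote:                          # inside a string or bytes literal
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch in "([{":
            depth += 1
            if depth == 1:
                continue                   # skip the call's own opening paren
        elif ch in ")]}":
            depth -= 1
            if depth == 0:                 # closing paren of extract32(...)
                return args + ["".join(cur).strip()]
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return args                            # unbalanced source: partial result

def find_risky_extract32(src):
    """Return (line, start_expr) for extract32 calls whose start argument contains a call."""
    hits = []
    for m in EXTRACT32.finditer(src):
        args = call_args(src, m.end() - 1)
        if len(args) >= 2 and CALL_IN_EXPR.search(args[1]):
            hits.append((src.count("\n", 0, m.start()) + 1, args[1]))
    return hits

# Constructed Vyper source: the second extract32 call has a start expression that writes to b.
SAMPLE = '''@internal
def bar() -> uint256:
    self.var = b""
    return 3
@external
def foo(i: uint256) -> bytes32:
    a: bytes32 = extract32(self.var, i + 1)
    return extract32(self.var, self.bar(), output_type=bytes32)
'''
for line, expr in find_risky_extract32(SAMPLE):
    print(f"line {line}: start expression {expr!r} contains a call; check for writes to b")
```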
References
- github.com/advisories/GHSA-4hwq-4cpm-8vmx
- github.com/vyperlang/vyper
- github.com/vyperlang/vyper/blob/10564dcc37756f3d3684b7a91fd8f4325a38c4d8/vyper/builtins/functions.py
- github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f
- github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx
- nvd.nist.gov/vuln/detail/CVE-2024-24564