GMS-2021-14: VVE-2021-0001: Memory corruption using function calls within arrays

April 19, 2021

When performing a function call inside an array, there is a memory corruption issue that occurs because of an incorrect pointer to the the tip of the stack.

Patches

This issue was partially fixed in VVE-2020-0004 however the fix did not update similar code for arrays, which had a similar issue. The issue is fully fixed in https://github.com/vyperlang/vyper/pull/2345

References

github.com/advisories/GHSA-22wc-c9wj-6q2v
github.com/vyperlang/vyper/commit/11b7b5b7e59bc9dc859d51cd41a924b59fe47c9e
github.com/vyperlang/vyper/pull/2345
github.com/vyperlang/vyper/security/advisories/GHSA-22wc-c9wj-6q2v
pypi.org/project/vyper

Detect and mitigate GMS-2021-14 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →