CVE-2023-42441

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 18, 2023

Updated: Sep 21, 2023

CWE ID 667

CWE ID 833

Summary

CVE-2023-42441 affects Vyper, a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Between versions 0.2.9 and 0.3.10, locks with empty string names `@nonreentrant("")` or `@nonreentrant(\'\')` did not trigger reentrancy checks at runtime. This vulnerability, now resolved in version 0.3.10, could potentially lead to security issues if a contract is not properly secured. To mitigate this risk, it is advised to ensure that the lock name is a non-empty string.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vyperlang Vyper

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/soU2Jo
https://www.cve.org/CVERecord?id=CVE-2023-42441
https://nvd.nist.gov/vuln/detail/CVE-2023-42441

Back to Vulnerability Database

CVE-2023-42441

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations