CVE-2024-24561

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 1, 2024

Updated: Feb 9, 2024

CWE ID 119

CWE ID 787

Summary

CVE-2024-24561 is a vulnerability affecting Vyper, a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and prior, Vyper's slice function does not properly check bounds when the start or length arguments are not literals. An attacker can exploit this issue to overflow the bounds check, resulting in out-of-bounds (OOB) access to storage, memory, or calldata addresses. This vulnerability can also be used to corrupt the length slot of the respective array.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vyperlang Vyper

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uR5nqo
https://www.cve.org/CVERecord?id=CVE-2024-24561
https://nvd.nist.gov/vuln/detail/CVE-2024-24561

Back to Vulnerability Database

CVE-2024-24561

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations