Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.
History

Tue, 24 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-26T18:47:09.721Z

Updated: 2024-09-24T13:45:05.798Z

Reserved: 2023-09-08T20:57:45.574Z

Link: CVE-2023-42460

cve-icon Vulnrichment

Updated: 2024-08-02T19:23:38.895Z

cve-icon NVD

Status : Modified

Published: 2023-09-27T15:19:32.543

Modified: 2024-11-21T08:22:34.977

Link: CVE-2023-42460

cve-icon Redhat

No data.