CVSS Score of 10 (low)


Published Jun 14, 2023
Updated: Jun 28, 2023
CWE ID 754
CWE ID 253


CVE-2023-34449 is a vulnerability affecting ink!, an embedded domain-specific language used to write smart contracts in Rust for blockchains built on the Substrate framework. The bug occurs in versions 4.0.0 to 4.2.1, where the return value when using delegate call mechanics is decoded incorrectly. This issue was resolved in ink! 4.2.1, and users with ink! 4.x series contracts are advised to upgrade to this version to receive the patch. The vulnerability has a medium severity rating and a CVSS score of 5.3, indicating low integrity impact and no confidentiality impact, with no privileges required for exploitation.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-34449 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options