CVSS 3.1 Score 5.3 of 10 (medium)


Published Sep 4, 2023
Updated: Sep 8, 2023
CWE ID 670


CVE-2023-40015 is a vulnerability in the Vyper programming language for smart contracts. This vulnerability affects multiple products and is categorized as a medium severity issue. The vulnerability occurs when the compiler evaluates certain expressions from right to left instead of left to right, which can lead to side effects that other arguments depend on. The affected expressions include bitwise operators, state modifying calls, and certain array operations. As of now, there is no patch available for this vulnerability. To mitigate the risk, users are advised to ensure that the arguments of the expressions do not produce any side effects or dependencies.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-40015 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options