CVE-2023-42443
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2023-42443: In versions prior to 0.3.10 of Vyper, the built-ins `raw_call`, `create_from_blueprint`, and `create_copy_of` contain a vulnerability. Under specific conditions, the memory used by these functions can be corrupted, leading to incorrect `calldata` in the sub-context or to the deployment of incorrect bytecode. The corruption occurs when the `data`, `value`, or `salt` arguments are complex expressions whose evaluation writes to memory. No patched version is currently available, and investigations are ongoing to determine whether other cases of memory corruption exist. A workaround is to cache complex expressions in memory before calling the built-ins.
Affected Products
- Vyperlang Vyper