CVSS 3.1 Score 7.3 of 10 (high)


Published Jan 18, 2024
Updated: Jan 26, 2024
CWE ID 787
CWE ID 120


CVE-2024-22419 is a vulnerability in the Vyper programming language for Ethereum Virtual Machine. The vulnerability is caused by the concat built-in function, which can write beyond the bounds of the allocated memory buffer and overwrite valid data. This buffer overflow can lead to a change in the contract's semantics. While no vulnerable contracts were found in production, it is important to update to commit 55e18f6d1 to address this issue in future releases. The vulnerability affects multiple products using Vyper, and its potential danger to an organization lies in the possibility of overwritten valid data and altered contract behavior.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-22419 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options