CVE-2024-24561

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 1, 2024
Updated: Feb 9, 2024
CWE ID 119
CWE ID 787

Summary

CVE-2024-24561 is a vulnerability affecting Vyper, the Pythonic smart contract language for the Ethereum Virtual Machine. Versions 0.3.10 and earlier of Vyper are susceptible to a bounds check bypass when non-literal arguments are used for the start or length of a slice() call. This can lead to out-of-bounds (OOB) access to storage, memory, or calldata addresses, and also allows corruption of the length slot of the respective array. The vulnerability has a base severity rating of CRITICAL, with high impact on integrity, confidentiality, and availability. Remediation measures have not been specified in the provided information.
