CVE-2024-27094

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 21, 2024
CWE ID 125

Summary

CVE-2024-27094 is a vulnerability affecting OpenZeppelin Contracts, a popular library for secure smart contract development. The issue lies in the `Base64.encode` function, which encodes input in chunks of three bytes. However, when the input length is not a multiple of three, the last iteration may access memory beyond the intended input buffer. This vulnerability has been addressed in versions 5.0.2 and 4.9.6.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share