Executive Summary

Informations
Name CVE-2023-41052 First vendor Publication 2023-09-04
Vendor Cve Last vendor Modification 2023-09-08

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Overall CVSS Score 5.3
Base Score 5.3 Environmental Score 5.3
impact SubScore 1.4 Temporal Score 5.3
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact Low Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41052

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-670 Always-Incorrect Control Flow Implementation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

Sources (Detail)

Source Url
MISC https://github.com/vyperlang/vyper/pull/3583
https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2023-09-08 21:27:24
  • Multiple Updates
2023-09-05 13:27:32
  • Multiple Updates
2023-09-05 05:27:19
  • First insertion