PT-2023-28342 · Vyper · Vyper

Charles-Cooper +1 · Published 2023-09-18 · Updated 2023-09-21 · CVE-2023-42441

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Vyper versions 0.2.9 through 0.3.9

Description

The issue concerns locks of the type @nonreentrant("") or @nonreentrant('') that do not produce reentrancy checks at runtime. This can be mitigated by ensuring the lock name is a non-empty string.

Recommendations

For versions 0.2.9 through 0.3.9, ensure the lock name is a non-empty string as a workaround until the issue is resolved by updating to version 0.3.10 or later. For version 0.3.10 and later, no additional action is required as the issue is fixed in this version.
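
A source check for the workaround above, as an added example that is not part of the advisory or the Vyper project's code: it flags empty-key @nonreentrant decorators in Vyper source and tests a compiler version against the affected range. The function names and the sample contract are constructed for illustration, and versions are assumed to be plain X.Y.Z strings.

```python
import re

# Decorator whose key is an empty string: @nonreentrant("") or @nonreentrant('')
EMPTY_LOCK = re.compile(r"""^\s*@nonreentrant\(\s*(["'])\1\s*\)""")
DEF_LINE = re.compile(r"^\s*def\s+(\w+)\s*\(")
AFFECTED = ((0, 2, 9), (0, 3, 9))  # inclusive range stated in the advisory

def find_empty_locks(source):
    """Return [(line_number, function_name)] for each empty-key lock."""
    findings, pending = [], []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("#", 1)[0]  # ignore comments and commented-out decorators
        if EMPTY_LOCK.match(code):
            pending.append(lineno)  # remember until the decorated def is seen
            continue
        m = DEF_LINE.match(code)
        if m:
            findings.extend((n, m.group(1)) for n in pending)
            pending.clear()
    findings.extend((n, None) for n in pending)  # decorator with no def after it
    return findings

def is_affected_version(version):
    """Compare numerically: as strings, "0.3.10" would sort before "0.3.9"."""
    v = tuple(int(part) for part in version.split(".")[:3])
    return AFFECTED[0] <= v <= AFFECTED[1]

# Constructed sample contract, not taken from any real project.
SAMPLE = '''\
# @version 0.3.9
@external
@nonreentrant("")
def withdraw():
    pass

@external
@nonreentrant('lock')
def deposit():
    pass

@external
@nonreentrant( '' )
def claim():
    pass
'''

if __name__ == "__main__":
    for lineno, func in find_empty_locks(SAMPLE):
        print(f"line {lineno}: empty lock key on {func}(), no reentrancy check emitted")
```
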

Exploit

Fix

Improper Locking


Weakness Enumeration

Related Identifiers

CVE-2023-42441
GHSA-3HG2-R75X-G69M
PYSEC-2023-305

Affected Products

Vyper