CVE-2022-24788

Name of the Vulnerable Software and Affected Versions Vyper versions prior to 0.3.2

Description The issue arises when importing a function from a JSON interface that returns bytes, generating bytecode that does not clamp the bytes length, potentially resulting in a buffer overrun. There are no known real-world incidents or estimated numbers of affected devices mentioned.

Recommendations For versions prior to 0.3.2, upgrade to version 0.3.2 or later to resolve the issue. As a temporary workaround, consider using .vy interfaces instead of importing from JSON interfaces that return bytes.