PT-2023-28342 · Vyper · Vyper
Charles-Cooper +1 · Published 2023-09-18 · Updated 2023-09-21 · CVE-2023-42441
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Vyper versions 0.2.9 through 0.3.9
Description
The issue concerns locks of the type @nonreentrant("") or @nonreentrant('') that do not produce reentrancy checks at runtime. This can be mitigated by ensuring the lock name is a non-empty string.
Recommendations
For versions 0.2.9 through 0.3.9, ensure the lock name is a non-empty string as a workaround until the issue is resolved by updating to version 0.3.10 or later.
For version 0.3.10 and later, no additional action is required as the issue is fixed in this version.
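One way to audit contracts for the workaround above is to scan Vyper source for @nonreentrant decorators whose lock name is the empty string. This is an added example, not code from the advisory or the Vyper project; the function name and the sample contract are constructed for illustration, and it assumes the source can be lexed with Python's tokenizer.

```python
import ast
import io
import tokenize

# Layout tokens and comments are irrelevant to decorator matching.
SKIP = {tokenize.NL, tokenize.NEWLINE, tokenize.COMMENT,
        tokenize.INDENT, tokenize.DEDENT}

def find_empty_nonreentrant_locks(source):
    """Return [(line_no, line_text)] for each @nonreentrant whose key is ""."""
    toks = [t for t in tokenize.generate_tokens(io.StringIO(source).readline)
            if t.type not in SKIP]
    findings = []
    for i in range(len(toks) - 4):
        at, name, lpar, arg, rpar = toks[i:i + 5]
        if ((at.string, name.string, lpar.string, rpar.string)
                == ("@", "nonreentrant", "(", ")")
                and arg.type == tokenize.STRING
                and ast.literal_eval(arg.string) == ""):
            findings.append((at.start[0], at.line.strip()))
    return findings

# Constructed sample contract (hypothetical, for demonstration only).
SAMPLE = '''\
# @version 0.3.9
balances: HashMap[address, uint256]

@external
@nonreentrant("")
def withdraw():
    pass

@external
@nonreentrant('')
def claim():
    pass

@external
@nonreentrant("lock")
def safe():
    pass
# a comment mentioning @nonreentrant("") is not a decorator
'''

if __name__ == "__main__":
    for line_no, text in find_empty_nonreentrant_locks(SAMPLE):
        print(f"line {line_no}: {text} (empty lock name, no runtime check)")
```

Because it works on tokens rather than raw text, decorators mentioned only in comments are not reported.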
Improper Locking
Affected Products
Vyper