PT-2024-21645 · Openzeppelin · Openzeppelin Contracts

Rholterhus · Published 2024-02-29 · Updated 2025-12-04 · CVE-2024-27094
CVSS v3.1: 7.4 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts 4.x versions prior to 4.9.6; OpenZeppelin Contracts 5.0.x versions prior to 5.0.2
Description: The Base64.encode function in OpenZeppelin Contracts encodes a bytes input by iterating over it in chunks of 3 bytes. When the input length is not a multiple of 3, the last iteration reads past the end of the input buffer, so the final 3-byte chunk contains one or two bytes of whatever memory follows the input. The encode function pads the output for these cases, but the padding only replaces the last one or two output characters; the character immediately before the padding still carries bits read from beyond the buffer (4 bits when the length is 1 mod 3, 2 bits when it is 2 mod 3), so the output is corrupted if those bytes were dirty. This is more likely in certain scenarios, such as when a bytes memory value is allocated immediately after the input and its first bytes are non-zero, or when the free memory pointer is set to a non-empty memory location before the input is allocated. Developers should evaluate whether the extra bits can be maliciously manipulated by an attacker.
Recommendations: For 4.x versions prior to 4.9.6, upgrade to 4.9.6. For 5.0.x versions prior to 5.0.2, upgrade to 5.0.2. As a temporary workaround, consider restricting use of the Base64.encode function until the patch is applied (inputs whose length is a multiple of 3 are not affected, since no out-of-bounds bytes are read for them).
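A Python model of the encode loop described above, added here as an illustration and not code from OpenZeppelin Contracts: it reproduces the out-of-bounds read on a constructed memory image, shows the output corruption for inputs of length 1 and 2 mod 3 next to a reference encoding, and models a corrected encoder in which the bytes after the input contribute zeros (an assumption about the patched behaviour, not a copy of the upstream fix). The input strings and the dirty tail bytes are constructed for the example.

```python
import base64

# Base64 alphabet in the order used by the library's lookup table.
TABLE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def encode_model(data: bytes, dirty_tail: bytes = b"", fixed: bool = False) -> bytes:
    """Encode `data` the way the vulnerable assembly loop reads memory.

    The Solidity loop advances a pointer by 3 and mload()s a 32-byte word whose
    low-order 3 bytes are the current chunk. On the last chunk, when
    len(data) % 3 != 0, those bytes run past the input into whatever follows
    it in memory, modelled here by `dirty_tail` (constructed for the example).

    With fixed=True the bytes after the input contribute zeros, which is the
    assumed behaviour of a corrected encoder; the upstream patch itself is
    not reproduced here.
    """
    tail = bytes(len(dirty_tail)) if fixed else dirty_tail
    # Memory image: input, then the neighbouring allocation, then zeros so the
    # 3-byte slice below never runs off the end of the Python bytes object.
    mem = data + tail + bytes(3)
    out = bytearray()
    for ptr in range(0, len(data), 3):
        chunk = int.from_bytes(mem[ptr:ptr + 3], "big")  # may include tail bytes
        for shift in (18, 12, 6, 0):
            out.append(TABLE[(chunk >> shift) & 0x3F])
    # Padding overwrites the last one or two characters, but the character
    # before the padding still carries bits taken from the tail.
    rem = len(data) % 3
    if rem == 1:
        out[-2:] = b"=="
    elif rem == 2:
        out[-1:] = b"="
    return bytes(out)


def leaked_bits(length: int) -> int:
    """Out-of-bounds bits that survive into the padded output for an input of `length` bytes.

    len % 3 == 1: the second character is 2 input bits + 4 tail bits.
    len % 3 == 2: the third character is 4 input bits + 2 tail bits.
    """
    return {0: 0, 1: 4, 2: 2}[length % 3]


def is_corrupted(data: bytes, dirty_tail: bytes) -> bool:
    """True when dirty memory after `data` changes the vulnerable encoder's output."""
    return encode_model(data, dirty_tail) != base64.b64encode(data)


if __name__ == "__main__":
    # Constructed inputs: one-, two- and three-byte inputs followed by 0xff bytes.
    for data, tail in ((b"a", b"\xff\xff"), (b"ab", b"\xff"), (b"abc", b"\xff\xff\xff")):
        print(data, "reference:", base64.b64encode(data),
              "vulnerable:", encode_model(data, tail),
              "fixed:", encode_model(data, tail, fixed=True),
              "leaked bits:", leaked_bits(len(data)))
```

Running the block shows `b"a"` encoding as `Yf==` instead of `YQ==` and `b"ab"` as `YWL=` instead of `YWI=` when the following bytes are 0xff, while the three-byte input is unaffected. `is_corrupted` is the kind of check a developer can run against the memory layouts of their own contract to answer the advisory's question of whether the extra bits are attacker-influenced.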

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

CVE-2024-27094
GHSA-9VX6-7XXF-X967

Affected Products

Openzeppelin Contracts