PT-2025-29948 · Openzeppelin · Openzeppelin Contracts

Amxx

Published: 2025-07-17
Updated: 2025-07-17
CVE: CVE-2025-54070

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 5.2.0 through 5.3.9

Description: The lastIndexOf(bytes,byte,uint256) function in the Bytes.sol library may access uninitialized memory under specific conditions. This occurs when the provided buffer is empty (buffer.length == 0) and the position argument (pos) is not equal to the maximum value of an unsigned 256-bit integer (type(uint256).max). In that case the pos argument can cause reads outside the intended buffer boundaries, which may lead to out-of-gas errors or the return of an invalid index. The function reads memory at offset buffer + 0x20 + pos; if the memory at that location matches the search pattern, the function returns an out-of-bounds index instead of the expected type(uint256).max. Code that relies on the function returning type(uint256).max for empty buffers, or that uses the returned index without bounds checking, may exhibit undefined behavior.

Recommendations: OpenZeppelin Contracts versions 5.2.0 through 5.3.9: upgrade to version 5.4.0.
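The following is an added illustration, not code from the advisory or from the OpenZeppelin project. It shows how a caller that cannot yet upgrade could guard against the behaviour described above: short-circuit the empty-buffer case before calling into the library, clamp pos to the last valid index, and bounds-check the returned index before using it. It assumes the library import path @openzeppelin/contracts/utils/Bytes.sol and the signature lastIndexOf(bytes memory, bytes1, uint256); the library name SafeLastIndexOf and the function lastIndexOfBounded are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed import path for the Bytes library discussed in the advisory.
import {Bytes} from "@openzeppelin/contracts/utils/Bytes.sol";

/// @dev Hypothetical defensive wrapper (not part of OpenZeppelin Contracts).
///      It mitigates the described out-of-bounds read on affected releases
///      (5.2.0 through 5.3.9); upgrading to 5.4.0 remains the recommended fix.
library SafeLastIndexOf {
    // Sentinel the library is expected to return when the byte is not found.
    uint256 internal constant NOT_FOUND = type(uint256).max;

    /// @notice Bounded variant of Bytes.lastIndexOf(buffer, s, pos).
    /// Returns NOT_FOUND for an empty buffer without calling into the library,
    /// and reverts if the library returns an index outside the buffer.
    function lastIndexOfBounded(bytes memory buffer, bytes1 s, uint256 pos)
        internal
        pure
        returns (uint256)
    {
        // Advisory condition: empty buffer with pos != type(uint256).max leads
        // to a read at buffer + 0x20 + pos. Handle the empty case up front.
        if (buffer.length == 0) {
            return NOT_FOUND;
        }

        // Clamp the start position so it never exceeds the last valid index.
        uint256 start = pos < buffer.length ? pos : buffer.length - 1;
        uint256 idx = Bytes.lastIndexOf(buffer, s, start);

        // Defence in depth: never trust an index that is not within the buffer.
        if (idx != NOT_FOUND && idx >= buffer.length) {
            revert("lastIndexOf: index out of bounds");
        }
        return idx;
    }
}
```

Callers should treat NOT_FOUND as the only "absent" signal and index into the buffer only after the bounds check has passed; the wrapper is a stopgap for code pinned to an affected release, not a replacement for the 5.4.0 upgrade.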

Weakness Enumeration: Out-of-bounds Read
Related Identifiers

CVE-2025-54070
GHSA-9RCW-C2F9-2J55

Affected Products

Openzeppelin Contracts