CVE-2024-32649

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-25 18:15

Updated : 2024-04-26 12:58

NVD link : CVE-2024-32649

Mitre link : CVE-2024-32649

CVE.ORG link : CVE-2024-32649

JSON object : View

Products Affected

No product.

CWE

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

{"id": "CVE-2024-32649", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-25T18:15:09.350", "references": [{"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-95"}]}], "descriptions": [{"lang": "en", "value": "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.\n"}, {"lang": "es", "value": "Vyper es un lenguaje de contrato inteligente pit\u00f3nico para la m\u00e1quina virtual Ethereum. En las versiones 0.3.10 y anteriores, el uso de la funci\u00f3n incorporada `sqrt` puede generar una vulnerabilidad de doble evaluaci\u00f3n cuando el argumento tiene efectos secundarios. Se puede ver que la funci\u00f3n `build_IR` del incorporado `sqrt` no almacena en cach\u00e9 el argumento en la pila. Como tal, se puede evaluar varias veces (en lugar de recuperar el valor de la pila). No se encontraron contratos de producci\u00f3n vulnerables. Adem\u00e1s, la doble evaluaci\u00f3n de los efectos secundarios deber\u00eda poder descubrirse f\u00e1cilmente en las pruebas de los clientes. Como tal, el impacto es bajo. Al momento de la publicaci\u00f3n, no hay versiones fijas disponibles."}], "lastModified": "2024-04-26T12:58:17.720", "sourceIdentifier": "security-advisories@github.com"}