Home > Vulnerability Database > CVE-2023-30837

Mend.io Vulnerability Database

CVE-2023-30837

Good to know:

Date: May 8, 2023

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

Language: Python

Severity Score

7.5

Related Resources (6)

Url: https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-76.yaml

Url: https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb

Url: https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30837

Url: https://github.com/vyperlang/vyper

Url: https://www.mend.io/vulnerability-database/CVE-2023-30837

Severity Score

7.5

Weakness Type (CWE)

Memory Allocation with Excessive Size Value

CWE-789

Top Fix

Upgrade Version

Upgrade to version vyper - 0.3.8

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30837

Good to know:

Date: May 8, 2023

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?