Home > Vulnerability Database > CVE-2024-38533

Mend.io Vulnerability Database

CVE-2024-38533

Good to know:

Date: June 28, 2024

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0.

Language: RUST

Severity Score

6.5

Related Resources (3)

Url: https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-q7pg-6jh9-87gv

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-38533

Url: https://www.mend.io/vulnerability-database/CVE-2024-38533

Severity Score

6.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version 1.5.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-38533

Good to know:

Date: June 28, 2024

Language: RUST

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?