CVE-2023-46247 - Vulnerability Details

Vendors	Products
Vyperlang	Vyper

Link	Providers
https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46247", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-19T20:34:00.948Z", "datePublished": "2023-12-13T19:39:22.626Z", "dateUpdated": "2024-08-02T20:37:40.156Z"}, "containers": {"cna": {"title": "Vyper has incorrect storage layout for contracts containing large arrays", "problemTypes": [{"descriptions": [{"cweId": "CWE-193", "lang": "en", "description": "CWE-193: Off-by-one Error", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-682", "lang": "en", "description": "CWE-682: Incorrect Calculation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"}, {"name": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", "tags": ["x_refsource_MISC"], "url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"}, {"name": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", "tags": ["x_refsource_MISC"], "url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"}], "affected": [{"vendor": "vyperlang", "product": "vyper", "versions": [{"version": "< 0.3.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-13T19:39:22.626Z"}, "descriptions": [{"lang": "en", "value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8."}], "source": {"advisory": "GHSA-6m97-7527-mh74", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.156Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"}, {"name": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"}, {"name": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", "matchCriteriaId": "CE735083-742D-4FFC-922C-71E242E471F3", "versionEndExcluding": "0.3.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8."}, {"lang": "es", "value": "Vyper es un lenguaje de contrato inteligente pit\u00f3nico para la m\u00e1quina virtual Ethereum (EVM). Los contratos que contienen matrices grandes podr\u00edan subasignar la cantidad de ranuras que necesitan en 1. Antes de v0.3.8, el c\u00e1lculo para determinar cu\u00e1ntas ranuras necesitaba una variable de almacenamiento usaba `math.ceil(type_.size_in_bytes / 32)`. El paso de punto flotante intermedio puede producir un error de redondeo si hay suficientes bits configurados en la mantisa IEEE-754. En t\u00e9rminos generales, si `type_.size_in_bytes` es grande (> 2**46) y ligeramente menor que una potencia de 2, el c\u00e1lculo puede sobrestimar cu\u00e1ntas ranuras se necesitan por 1. Si `type_.size_in_bytes` es ligeramente mayor que una potencia de 2, el c\u00e1lculo puede subestimar cu\u00e1ntas ranuras se necesitan por 1. Este problema se solucion\u00f3 en la versi\u00f3n 0.3.8."}], "id": "CVE-2023-46247", "lastModified": "2024-11-21T08:28:09.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-13T20:15:49.360", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}, {"lang": "en", "value": "CWE-682"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object