CVE Vulnerability

CVE-2022-29255

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38 Exploit Mitigation
https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:vyper_project:vyper:*:*:*:*:*:*:*:*
Information

Published : 2022-06-09 09:15

Updated : 2022-06-15 05:06

NVD link : CVE-2022-29255

Mitre link : CVE-2022-29255

Products Affected
No products.
CWE
CWE-670