CVE-2021-41122

Published: Oct 5, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.

Affected (1)

Products: Vyperlang: Vyper

Vyperlang

1 product

Vyper

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vyperlang Vyper	Before 0.3.0

Related CWEs

CWE-682

Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References (4)

https://github.com/vyperlang/vyper/pull/2447

Source: security-advisories@github.com

Third Party Advisory

https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/vyperlang/vyper/pull/2447

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.