You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
VVE-2021-0001: Memory corruption using function calls within arrays
Moderate severity
GitHub Reviewed
Published
Apr 16, 2021
in
vyperlang/vyper
•
Updated Jan 9, 2023
When performing a function call inside an array, there is a memory corruption issue that occurs because of an incorrect pointer to the the tip of the stack.
Patches
This issue was partially fixed in VVE-2020-0004, however the fix did not update similar code for arrays, which had a similar issue. The issue is fully fixed in vyperlang/vyper#2345
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Learn more on MITRE.
Impact
When performing a function call inside an array, there is a memory corruption issue that occurs because of an incorrect pointer to the the tip of the stack.
Patches
This issue was partially fixed in VVE-2020-0004, however the fix did not update similar code for arrays, which had a similar issue. The issue is fully fixed in vyperlang/vyper#2345
References