Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36769?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36769?format=api", "vulnerability_id": "VCID-pcsz-xwb8-7yh4", "summary": "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start` the execution will revert. Version 0.4.0b1 fixes the issue.", "aliases": [ { "alias": "CVE-2024-32481" }, { "alias": "GHSA-ppx5-q359-pvwj" }, { "alias": "PYSEC-2024-246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38752?format=api", "purl": "pkg:pypi/vyper@0.4.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.4.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/40340?format=api", "purl": "pkg:pypi/vyper@0.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.4.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33500?format=api", "purl": "pkg:pypi/vyper@0.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/35067?format=api", "purl": "pkg:pypi/vyper@0.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35619?format=api", "purl": "pkg:pypi/vyper@0.3.10rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35875?format=api", "purl": "pkg:pypi/vyper@0.3.10rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35876?format=api", "purl": "pkg:pypi/vyper@0.3.10rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35877?format=api", "purl": "pkg:pypi/vyper@0.3.10rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35878?format=api", "purl": "pkg:pypi/vyper@0.3.10rc5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35879?format=api", "purl": "pkg:pypi/vyper@0.3.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10" } ], "references": [ { "reference_url": "https://github.com/vyperlang/vyper", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vyperlang/vyper" }, { "reference_url": "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287" }, { "reference_url": "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868" }, { "reference_url": "https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5" }, { "reference_url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32481", "reference_id": "CVE-2024-32481", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32481" }, { "reference_url": "https://github.com/advisories/GHSA-ppx5-q359-pvwj", "reference_id": "GHSA-ppx5-q359-pvwj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ppx5-q359-pvwj" } ], "weaknesses": [ { "cwe_id": 681, "name": "Incorrect Conversion between Numeric Types", "description": "When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "5.3 - 5.3", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcsz-xwb8-7yh4" }