Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-09-26T18:47:09.721Z
Updated: 2024-08-02T19:23:38.895Z
Reserved: 2023-09-08T20:57:45.574Z
Link: CVE-2023-42460
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-27T15:19:32.543
Modified: 2023-09-29T18:41:31.073
Link: CVE-2023-42460
Redhat
No data.