What is CVE-2023-30837?

CVE-2023-30837 is a high-severity vulnerability in Vyperlang Vyper, classified under CWE-789. CVSS score: 7.5/10. Published 2023-05-08.

How severe is CVE-2023-30837?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Vyperlang Vyper

CVE-2023-30837

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

EPSS: 0.002 (48.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Vyperlang Vyper — versions < 0.3.8

Weakness classification (CWE)

CWE-789

References

https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6 (x_refsource_CONFIRM)
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-30837?: CVE-2023-30837 is a high-severity vulnerability in Vyperlang Vyper, classified under CWE-789. CVSS score: 7.5/10. Published 2023-05-08.
How severe is CVE-2023-30837?: High severity. CVSS v3 base score is 7.5 out of 10.