What is CVE-2023-46247?

CVE-2023-46247 is a high-severity vulnerability in Vyperlang Vyper, classified under Off-by-one Error. CVSS score: 7.5/10. Published 2023-12-13.

How severe is CVE-2023-46247?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Vyperlang Vyper

CVE-2023-46247

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a st…

EPSS: 0.003 (56.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Vyperlang Vyper — versions < 0.3.8

Weakness classification (CWE)

References

https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74 (x_refsource_CONFIRM)
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb (x_refsource_MISC)
https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-46247?: CVE-2023-46247 is a high-severity vulnerability in Vyperlang Vyper, classified under Off-by-one Error. CVSS score: 7.5/10. Published 2023-12-13.
How severe is CVE-2023-46247?: High severity. CVSS v3 base score is 7.5 out of 10.