Out-of-bounds Read in OpenZeppelin openzeppelin-contracts

CVE-2025-54070

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the `lastIndexOf(bytes,byte,uint256)` function of the `Bytes.sol` library may access uninitialized memory when…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (25.2th percentile)

Affected products

Weakness classification (CWE)

References