Out-of-bounds Read in Openzeppelin Openzeppelin-contracts
CVE-2025-54070
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the `lastIndexOf(bytes,byte,uint256)` function of the `Bytes.sol` library may access uninitialized memory when…
Vulnerability class: Buffer Overflow (an out-of-bounds memory read past the end of the buffer, not an out-of-bounds write)
EPSS: 0.003 (25.2 percentile)
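The following is an added example for this advisory, not code from the OpenZeppelin repository. `lastIndexOfModel` is a simplified reconstruction (my assumption about the affected arithmetic, based on the advisory: an `unchecked` `length - 1` that wraps when the buffer is empty) placed beside `lastIndexOfGuarded`, which adds the empty-buffer check that makes the read impossible. The library, contract and function names, and the `neighbour` buffer, are constructed for the demonstration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for CVE-2025-54070; NOT code from openzeppelin-contracts.
// `lastIndexOfModel` is a reconstruction (assumption) of the search arithmetic
// behind the bug; `lastIndexOfGuarded` shows the check that removes it.
library BytesSearchDemo {
    uint256 internal constant NOT_FOUND = type(uint256).max;

    // Reads the byte at `offset` from the start of the buffer's data with no
    // bounds check; this is what turns a bad index into an out-of-bounds read.
    // `byte(0, ...)` yields a clean 0..255 value, so no masking is needed.
    function _readByte(bytes memory buffer, uint256 offset) private pure returns (uint8 v) {
        assembly {
            v := byte(0, mload(add(add(buffer, 0x20), offset)))
        }
    }

    // Model of the affected arithmetic. With buffer.length == 0, `length - 1`
    // wraps to 2**256 - 1 inside `unchecked`, so the start index becomes `pos`
    // and the loop reads `pos + 1` bytes that all lie outside the empty buffer.
    // (If pos == 2**256 - 1, `pos + 1` wraps to 0 and the loop never runs.)
    function lastIndexOfModel(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
        unchecked {
            uint256 length = buffer.length;
            uint256 start = pos < length - 1 ? pos : length - 1; // Math.min(pos, length - 1)
            for (uint256 i = start + 1; i > 0; --i) {
                if (_readByte(buffer, i - 1) == uint8(s)) return i - 1;
            }
            return NOT_FOUND;
        }
    }

    // Guarded version: an empty buffer cannot contain `s`, so answer NOT_FOUND
    // before the wrapping subtraction is ever reached.
    function lastIndexOfGuarded(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
        uint256 length = buffer.length;
        if (length == 0) return NOT_FOUND;
        unchecked {
            uint256 start = pos < length - 1 ? pos : length - 1;
            for (uint256 i = start + 1; i > 0; --i) {
                if (_readByte(buffer, i - 1) == uint8(s)) return i - 1;
            }
        }
        return NOT_FOUND;
    }
}

contract EmptyBufferRepro {
    using BytesSearchDemo for bytes;

    // Searches an empty buffer for 0x42 ('B') starting at pos = 40. `neighbour`
    // (constructed sample data) is allocated directly after `empty`, so its
    // bytes are what the model reads once it walks past the end of `empty`.
    function demo() external pure returns (uint256 modelResult, uint256 guardedResult) {
        bytes memory empty = new bytes(0);
        bytes memory neighbour = hex"414243"; // "ABC"
        modelResult = empty.lastIndexOfModel(0x42, 40);
        guardedResult = empty.lastIndexOfGuarded(0x42, 40);
        // Keep `neighbour` live so the allocation is not optimised away.
        require(neighbour.length == 3, "layout");
    }
}
```

With Solidity's sequential memory allocation, `empty` owns no data bytes, so every offset the model reads belongs to `neighbour` or to memory after it; `modelResult` therefore comes back as an index into `neighbour`, an index that cannot exist in a zero-length buffer, while `guardedResult` is `NOT_FOUND`. The practical check for code on an affected version is the same as the guard: never call the function with an empty buffer unless the returned value is treated as untrusted.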
Affected products
- Openzeppelin Openzeppelin-contracts — versions >= 5.2.0, < 5.4.0 (fixed in 5.4.0)
Weakness classification (CWE)
- CWE-125: Out-of-bounds Read
References
- GitHub Security Advisories (security-advisories@github.com): vendor-confirmed advisory and related reference