Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
Published 2023-09-04 18:15:09
Updated 2023-09-08 14:08:27
Source GitHub, Inc.
View at NVD,   CVE.org

Products affected by CVE-2023-41052

Exploit prediction scoring system (EPSS) score for CVE-2023-41052

0.08%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41052

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.3
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.9
1.4
NIST
3.7
LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2.2
1.4
GitHub, Inc.

CWE ids for CVE-2023-41052

  • The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
    Assigned by:
    • nvd@nist.gov (Primary)
    • security-advisories@github.com (Secondary)

References for CVE-2023-41052

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!