CVE-2025-27105

Low CVSS: 2.3

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor

Vyperlang

Product

Vyper

CWE

CWE-787

Yayın Tarihi

2025-02-21 22:15:13

Güncelleme

2025-03-28 20:02:28

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-787 Vyper LOW Vyperlang 2025

Referanslar

https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp

Benzer Kayıtlar

Low

CVE-2025-26622

vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate…

Low

CVE-2025-27104

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the i…

Low

CVE-2025-21607

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) an…