CVE-2023-42441
Summary
| CVE | CVE-2023-42441 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-18 21:16:00 UTC |
| Updated | 2023-09-21 18:19:00 UTC |
| Description | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string. |
Risk And Classification
Problem Types: CWE-667
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| incorrect re-entrancy lock when key is empty string · Advisory · vyperlang/vyper · GitHub | MISC | github.com | |
| fix: only allow valid identifiers to be nonreentrant keys by charles-cooper · Pull Request #3605 · vyperlang/vyper · GitHub | MISC | github.com | |
| fix: only allow valid identifiers to be nonreentrant keys (#3605) · vyperlang/vyper@0b74028 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995302 Python (Pip) Security Update for vyper (GHSA-3hg2-r75x-g69m)