Common Weakness Enumeration

CWE-670

Allowed-with-Review

Always-Incorrect Control Flow Implementation

Abstraction: Class · Status: Draft

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

203 vulnerabilities reference this CWE, most recent first.

CVE-2024-25622 (GCVE-0-2024-25622)

Vulnerability from cvelistv5 – Published: 2024-10-11 14:20 – Updated: 2024-10-11 14:46
VLAI
Title
H2O ignores headers configuration directives
Summary
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes (e.g., path level) are expected to inherit the configuration defined in outer scopes (e.g., global level). However, if a header directive is used in the inner scope, all the definition in outer scopes are ignored. This can lead to headers not being modified as expected. Depending on the headers being added or removed unexpectedly, this behavior could lead to unexpected client behavior. This vulnerability is fixed in commit 123f5e2b65dcdba8f7ef659a00d24bd1249141be.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
Impacted products
Vendor Product Version
h2o h2o Affected: < 123f5e2b65dcdba8f7ef659a00d24bd1249141be
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T14:46:20.223232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T14:46:36.996Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "h2o",
          "vendor": "h2o",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 123f5e2b65dcdba8f7ef659a00d24bd1249141be"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes (e.g., path level) are expected to inherit the configuration defined in outer scopes (e.g., global level). However, if a header directive is used in the inner scope, all the definition in outer scopes are ignored. This can lead to headers not being modified as expected. Depending on the headers being added or removed unexpectedly, this behavior could lead to unexpected client behavior. This vulnerability is fixed in commit 123f5e2b65dcdba8f7ef659a00d24bd1249141be."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T14:20:31.921Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj"
        },
        {
          "name": "https://github.com/h2o/h2o/issues/3332",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/h2o/h2o/issues/3332"
        },
        {
          "name": "https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be"
        }
      ],
      "source": {
        "advisory": "GHSA-5m7v-cj65-h6pj",
        "discovery": "UNKNOWN"
      },
      "title": "H2O ignores headers configuration directives"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-25622",
    "datePublished": "2024-10-11T14:20:31.921Z",
    "dateReserved": "2024-02-08T22:26:33.511Z",
    "dateUpdated": "2024-10-11T14:46:36.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5659 (GCVE-0-2024-5659)

Vulnerability from cvelistv5 – Published: 2024-06-14 16:42 – Updated: 2024-08-01 21:18
VLAI
Title
Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers
Summary
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
Impacted products
Vendor Product Version
Rockwell Automation ControlLogix® 5580 Affected: 34.011
Create a notification for this product.
Rockwell Automation GuardLogix 5580 Affected: 34.011
Create a notification for this product.
Rockwell Automation 1756-EN4 Affected: 4.001
Create a notification for this product.
Rockwell Automation CompactLogix 5380 Affected: 34.011
Create a notification for this product.
Rockwell Automation Compact GuardLogix 5380 Affected: 34.011
Create a notification for this product.
Rockwell Automation CompactLogix 5480 Affected: 34.011
Create a notification for this product.
rockwellautomation controllogix_5580 Affected: 34.011
    cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*
Create a notification for this product.
rockwellautomation guardlogix_5580 Affected: 34.011
    cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
Create a notification for this product.
rockwellautomation 1756_en4 Affected: 4.001
    cpe:2.3:a:rockwellautomation:1756_en4:0:*:*:*:*:*:*:*
Create a notification for this product.
rockwellautomation compact_logix_5480 Affected: 34.011
    cpe:2.3:a:rockwellautomation:compact_logix_5480:34.011:*:*:*:*:*:*:*
Create a notification for this product.
rockwellautomation compact_guardlogix_5480 Affected: 34.011
    cpe:2.3:a:rockwellautomation:compact_guardlogix_5480:34.011:*:*:*:*:*:*:*
Create a notification for this product.
rockwellautomation compactlogix Affected: 5480
    cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-13 13:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "controllogix_5580",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "34.011"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "guardlogix_5580",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "34.011"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:1756_en4:0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "1756_en4",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "4.001"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:compact_logix_5480:34.011:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact_logix_5480",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "34.011"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:compact_guardlogix_5480:34.011:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact_guardlogix_5480",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "34.011"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compactlogix",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "5480"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-15T19:57:53.882617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-15T20:23:20.243Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ControlLogix\u00ae 5580",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "34.011"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GuardLogix 5580",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "34.011"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "1756-EN4",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "4.001"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CompactLogix 5380",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "34.011"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Compact GuardLogix 5380",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "34.011"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CompactLogix 5480",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "34.011"
            }
          ]
        }
      ],
      "datePublic": "2024-06-13T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eabnormal packets to the \u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003emDNS port.\u0026nbsp;\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf exploited, the availability of the device would be compromised.\u003c/span\u003e\n\n"
            }
          ],
          "value": "Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port.\u00a0If exploited, the availability of the device would be compromised."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-624",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-624 Hardware Fault Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670 Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T16:42:20.699Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eControlLogix\u00ae 5580\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.014, V35.013, V36.011 and later\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eGuardLogix 5580\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.014, V35.013, V36.011 and later \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e1756-EN4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV4.001\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV6.001 and later\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCompactLogix 5380\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.014, V35.013, V36.011 and later \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eCompact GuardLogix \u003c/a\u003e\u003cb\u003e\u0026nbsp;\u003c/b\u003e5380\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.014, V35.013, V36.011 and later \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCompactLogix 5480\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV34.014, V35.013, V36.011 and later\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; Users who do not use \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eAutomatic Policy Deployment (APD)\u003c/a\u003e\u0026nbsp;should block \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003emDNS port, 5353\u003c/a\u003e\u0026nbsp;to help prevent communication.\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; Enable CIP \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eSecurity. \u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf\"\u003eCIP Security with Rockwell Automation Products Application Technique\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Product\n\nFirst Known in firmware revision\n\nCorrected in firmware revision\n\nControlLogix\u00ae 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\nGuardLogix 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\n1756-EN4\n\nV4.001\n\nV6.001 and later\n\nCompactLogix 5380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompact GuardLogix \u00a05380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompactLogix 5480\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Users who do not use  CIP Security with Rockwell Automation Products Application Technique https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf \n\n\u00b7 \u00a0 \u00a0 \u00a0  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-5659",
    "datePublished": "2024-06-14T16:42:20.699Z",
    "dateReserved": "2024-06-05T16:47:18.275Z",
    "dateUpdated": "2024-08-01T21:18:06.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0313 (GCVE-0-2024-0313)

Vulnerability from cvelistv5 – Published: 2024-03-14 09:11 – Updated: 2024-08-02 19:28
VLAI
Summary
A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
Impacted products
Vendor Product Version
Skyhigh Skyhigh Client Proxy Affected: 4.8.1
Create a notification for this product.
skyhighsecurity client_proxy Affected: 4.8.1
    cpe:2.3:a:skyhighsecurity:client_proxy:4.8.1:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Winston Ho (@violenttestpen)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:04:48.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10418"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:skyhighsecurity:client_proxy:4.8.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "client_proxy",
            "vendor": "skyhighsecurity",
            "versions": [
              {
                "status": "affected",
                "version": "4.8.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0313",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T19:26:05.838851Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:28:22.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Skyhigh Client Proxy",
          "vendor": "Skyhigh",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Winston Ho (@violenttestpen)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail. "
            }
          ],
          "value": "A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail. "
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670 Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-14T09:11:29.770Z",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10418"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2024-0313",
    "datePublished": "2024-03-14T09:11:29.770Z",
    "dateReserved": "2024-01-08T08:01:23.678Z",
    "dateUpdated": "2024-08-02T19:28:22.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49798 (GCVE-0-2023-49798)

Vulnerability from cvelistv5 – Published: 2023-12-08 23:35 – Updated: 2024-08-02 22:01
VLAI
Title
Duplicated execution of subcalls in OpenZeppelin Contracts
Summary
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:26.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-699g-q6qh-q4v8",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-699g-q6qh-q4v8"
          },
          {
            "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/88ac712e06832bce73b41e8166cded2729e25205",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/88ac712e06832bce73b41e8166cded2729e25205"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openzeppelin-contracts",
          "vendor": "OpenZeppelin",
          "versions": [
            {
              "status": "affected",
              "version": "= 4.9.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-08T23:35:24.467Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-699g-q6qh-q4v8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-699g-q6qh-q4v8"
        },
        {
          "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/88ac712e06832bce73b41e8166cded2729e25205",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/88ac712e06832bce73b41e8166cded2729e25205"
        }
      ],
      "source": {
        "advisory": "GHSA-699g-q6qh-q4v8",
        "discovery": "UNKNOWN"
      },
      "title": "Duplicated execution of subcalls in OpenZeppelin Contracts"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49798",
    "datePublished": "2023-12-08T23:35:24.467Z",
    "dateReserved": "2023-11-30T13:39:50.863Z",
    "dateUpdated": "2024-08-02T22:01:26.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41338 (GCVE-0-2023-41338)

Vulnerability from cvelistv5 – Published: 2023-09-08 18:17 – Updated: 2024-09-26 14:05
VLAI
Title
Vulnerability in Ctx.IsFromLocal() in gofiber
Summary
Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
Impacted products
Vendor Product Version
gofiber fiber Affected: < 2.49.2
Create a notification for this product.
gofiber fiber Affected: 0 , < 2.49.2 (custom)
    cpe:2.3:a:gofiber:fiber:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:01:34.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f"
          },
          {
            "name": "https://github.com/gofiber/fiber/commit/b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dc",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gofiber/fiber/commit/b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dc"
          },
          {
            "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For"
          },
          {
            "name": "https://docs.gofiber.io/api/ctx#isfromlocal",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.gofiber.io/api/ctx#isfromlocal"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:gofiber:fiber:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fiber",
            "vendor": "gofiber",
            "versions": [
              {
                "lessThan": "2.49.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T13:59:21.650864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T14:05:03.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fiber",
          "vendor": "gofiber",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.49.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-08T18:17:18.044Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f"
        },
        {
          "name": "https://github.com/gofiber/fiber/commit/b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gofiber/fiber/commit/b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dc"
        },
        {
          "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For"
        },
        {
          "name": "https://docs.gofiber.io/api/ctx#isfromlocal",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.gofiber.io/api/ctx#isfromlocal"
        }
      ],
      "source": {
        "advisory": "GHSA-3q5p-3558-364f",
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerability in Ctx.IsFromLocal() in gofiber"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-41338",
    "datePublished": "2023-09-08T18:17:18.044Z",
    "dateReserved": "2023-08-28T16:56:43.368Z",
    "dateUpdated": "2024-09-26T14:05:03.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41058 (GCVE-0-2023-41058)

Vulnerability from cvelistv5 – Published: 2023-09-04 22:39 – Updated: 2024-09-30 17:43
VLAI
Title
Trigger `beforeFind` not invoked in internal query pipeline in parse-server
Summary
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and 5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of parse server's security layers to manage access levels with Class-Level Permissions and Object-Level Access Control that should be used instead of custom security layers in Cloud Code triggers.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
Impacted products
Vendor Product Version
parse-community parse-server Affected: >= 1.0.0, < 5.5.5
Affected: >= 6.0.0, < 6.2.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5"
          },
          {
            "name": "https://docs.parseplatform.org/parse-server/guide/#security",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.parseplatform.org/parse-server/guide/#security"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.5"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/6.2.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41058",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T17:43:38.959274Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T17:43:48.895Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parse-server",
          "vendor": "parse-community",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 5.5.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and 5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of parse server\u0027s security layers to manage access levels with Class-Level Permissions and Object-Level Access Control that should be used instead of custom security layers in Cloud Code triggers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-04T22:39:55.276Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5"
        },
        {
          "name": "https://docs.parseplatform.org/parse-server/guide/#security",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.parseplatform.org/parse-server/guide/#security"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.5"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/6.2.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.2"
        }
      ],
      "source": {
        "advisory": "GHSA-fcv6-fg5r-jm9q",
        "discovery": "UNKNOWN"
      },
      "title": "Trigger `beforeFind` not invoked in internal query pipeline in parse-server"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-41058",
    "datePublished": "2023-09-04T22:39:55.276Z",
    "dateReserved": "2023-08-22T16:57:23.934Z",
    "dateUpdated": "2024-09-30T17:43:48.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41052 (GCVE-0-2023-41052)

Vulnerability from cvelistv5 – Published: 2023-09-04 17:36 – Updated: 2024-09-26 18:30
VLAI
Title
Vyper: incorrect order of evaluation of side effects for some builtins
Summary
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
Impacted products
Vendor Product Version
vyperlang vyper Affected: <= 0.3.9
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq"
          },
          {
            "name": "https://github.com/vyperlang/vyper/pull/3583",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vyperlang/vyper/pull/3583"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T18:04:38.192633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T18:30:33.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vyper",
          "vendor": "vyperlang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 0.3.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-04T17:36:23.480Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq"
        },
        {
          "name": "https://github.com/vyperlang/vyper/pull/3583",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vyperlang/vyper/pull/3583"
        }
      ],
      "source": {
        "advisory": "GHSA-4hg4-9mf5-wxxq",
        "discovery": "UNKNOWN"
      },
      "title": "Vyper: incorrect order of evaluation of side effects for some builtins"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-41052",
    "datePublished": "2023-09-04T17:36:23.480Z",
    "dateReserved": "2023-08-22T16:57:23.933Z",
    "dateUpdated": "2024-09-26T18:30:33.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40015 (GCVE-0-2023-40015)

Vulnerability from cvelistv5 – Published: 2023-09-04 17:39 – Updated: 2024-11-19 16:46
VLAI
Title
Vyper: reversed order of side effects for some operations
Summary
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
Impacted products
Vendor Product Version
vyperlang vyper Affected: <= 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:54.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T18:04:27.979211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T18:30:19.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vyper",
          "vendor": "vyperlang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, \u0026, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, \u003c, \u003e, \u003c=, \u003e=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T16:46:23.708Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf"
        }
      ],
      "source": {
        "advisory": "GHSA-g2xh-c426-v8mf",
        "discovery": "UNKNOWN"
      },
      "title": "Vyper: reversed order of side effects for some operations"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-40015",
    "datePublished": "2023-09-04T17:39:12.822Z",
    "dateReserved": "2023-08-08T13:46:25.241Z",
    "dateUpdated": "2024-11-19T16:46:23.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32675 (GCVE-0-2023-32675)

Vulnerability from cvelistv5 – Published: 2023-05-19 19:46 – Updated: 2025-02-12 16:36
VLAI
Title
Nonpayable default functions are sometimes payable in vyper
Summary
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
Impacted products
Vendor Product Version
vyperlang vyper Affected: < 0.3.8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762"
          },
          {
            "name": "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T17:07:30.282818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T16:36:34.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vyper",
          "vendor": "vyperlang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.3.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-04T13:48:07.129Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762"
        },
        {
          "name": "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520"
        }
      ],
      "source": {
        "advisory": "GHSA-vxmm-cwh2-q762",
        "discovery": "UNKNOWN"
      },
      "title": "Nonpayable default functions are sometimes payable in vyper"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-32675",
    "datePublished": "2023-05-19T19:46:18.047Z",
    "dateReserved": "2023-05-11T16:33:45.730Z",
    "dateUpdated": "2025-02-12T16:36:34.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30629 (GCVE-0-2023-30629)

Vulnerability from cvelistv5 – Published: 2023-04-24 21:58 – Updated: 2025-02-12 16:35
VLAI
Title
Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value
Summary
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
Impacted products
Vendor Product Version
vyperlang vyper Affected: >= 0.3.1, <= 0.3.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:28:52.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9"
          },
          {
            "name": "https://github.com/lidofinance/gate-seals/pull/5/files",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/lidofinance/gate-seals/pull/5/files"
          },
          {
            "name": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae"
          },
          {
            "name": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call"
          },
          {
            "name": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T20:54:22.454011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T16:35:42.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vyper",
          "vendor": "vyperlang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.3.1, \u003c= 0.3.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put  `max_outsize\u003e0`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-24T21:58:00.227Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9"
        },
        {
          "name": "https://github.com/lidofinance/gate-seals/pull/5/files",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lidofinance/gate-seals/pull/5/files"
        },
        {
          "name": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae"
        },
        {
          "name": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call"
        },
        {
          "name": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164"
        }
      ],
      "source": {
        "advisory": "GHSA-w9g2-3w7p-72g9",
        "discovery": "UNKNOWN"
      },
      "title": "Vyper\u0027s raw_call with outsize=0 and revert_on_failure=False returns incorrect success value"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-30629",
    "datePublished": "2023-04-24T21:58:00.227Z",
    "dateReserved": "2023-04-13T13:25:18.834Z",
    "dateUpdated": "2025-02-12T16:35:42.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.